Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:file.exe
Analysis ID:1541121
MD5:6a9113565dbd47fd5fbab727070032a1
SHA1:06e47eacafb60abe54c9f91617e9e2666cc54ca3
SHA256:7249fff68a7631120ae1f98a15f93aac880446f9e392b6e3df1d85504a6db2ad
Tags:exeuser-Bitsight
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • file.exe (PID: 7688 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6A9113565DBD47FD5FBAB727070032A1)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["eaglepawnoy.store", "studennotediw.store", "dissapoiznw.store", "clearancek.site", "bathdoomgaz.store", "licendfilteo.site", "mobbipenju.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security
    No Sigma rule has matched
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.491196+020020564771Domain Observed Used for C2 Detected192.168.2.9526081.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.424957+020020564711Domain Observed Used for C2 Detected192.168.2.9595121.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.464033+020020564811Domain Observed Used for C2 Detected192.168.2.9556431.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.453191+020020564831Domain Observed Used for C2 Detected192.168.2.9543391.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.538715+020020564731Domain Observed Used for C2 Detected192.168.2.9638121.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.439755+020020564851Domain Observed Used for C2 Detected192.168.2.9553271.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.502409+020020564751Domain Observed Used for C2 Detected192.168.2.9626381.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:04.478390+020020564791Domain Observed Used for C2 Detected192.168.2.9574751.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-10-24T13:02:06.406845+020028586661Domain Observed Used for C2 Detected192.168.2.949732104.102.49.254443TCP

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Source: file.exeAvira: detected
    Source: file.exe.7688.0.memstrminMalware Configuration Extractor: LummaC {"C2 url": ["eaglepawnoy.store", "studennotediw.store", "dissapoiznw.store", "clearancek.site", "bathdoomgaz.store", "licendfilteo.site", "mobbipenju.store", "spirittunek.store"], "Build id": "4SD0y4--legendaryy"}
    Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
    Source: file.exeJoe Sandbox ML: detected
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: licendfilteo.site
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: spirittunek.store
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: bathdoomgaz.store
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: studennotediw.store
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: dissapoiznw.store
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: eaglepawnoy.store
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: mobbipenju.store
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: clearancek.site
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Screen Resoluton:
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: Workgroup: -
    Source: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpString decryptor: 4SD0y4--legendaryy
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49732 version: TLS 1.2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_001750FA
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0013D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0013D110
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001763B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h0_2_0017695B
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_001799D0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+04h]0_2_0013FCA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-10h]0_2_00140EEC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ecx, dword ptr [edx]0_2_00131000
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then dec ebx0_2_0016F030
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00146F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00174040
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00176094
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0015D1E1
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_00152260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [esi], ax0_2_00152260
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_001442FC
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebp, eax0_2_0013A300
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov byte ptr [edi], al0_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+30h]0_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+14h]0_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp], 00000000h0_2_0014B410
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0015E40C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_0014D457
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx eax, word ptr [esi+ecx]0_2_00171440
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+0Ch]0_2_0015C470
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh0_2_001764B8
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00159510
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00146536
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh0_2_00177520
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]0_2_00138590
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, byte ptr [edx]0_2_0016B650
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0015E66A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [edi+eax]0_2_00177710
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00175700
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0015D7AF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+08h]0_2_001767EF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], dx0_2_001528E9
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h0_2_00173920
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h0_2_0014D961
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]0_2_001349A0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00141A3C
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]0_2_00135A50
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h0_2_00174A40
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00141ACD
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh0_2_00179B60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+000006B8h]0_2_0014DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h0_2_0014DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]0_2_00160B80
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+04h]0_2_00143BE2
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00141BEE
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h0_2_00157C00
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh0_2_0016FC20
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp word ptr [eax+esi+02h], 0000h0_2_0015EC48
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_0015AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], ax0_2_0015AC91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h0_2_0015CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0015CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h0_2_0015CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00179CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh0_2_00179CE0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh0_2_0015FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [ebp-14h]0_2_0015DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00178D8A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov edi, ecx0_2_00144E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ebx, word ptr [ecx]0_2_0015AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00155E70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [eax], cx0_2_00157E60
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp+40h]0_2_00141E93
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx ecx, word ptr [ebp+00h]0_2_0013BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp byte ptr [ebx], 00000000h0_2_00146EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]0_2_00136EA0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_0016FF70
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp eax0_2_00159F62
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esi+20h]0_2_00146F91
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00175FD6
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then jmp ecx0_2_00138FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov word ptr [edx], 0000h0_2_0014FFDF
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h0_2_00177FC0
    Source: C:\Users\user\Desktop\file.exeCode function: 4x nop then mov eax, dword ptr [esp]0_2_00177FC0

    Networking

    barindex
    Source: Network trafficSuricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.9:52608 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.9:62638 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.9:55643 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.9:54339 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.9:55327 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.9:59512 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.9:57475 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.9:63812 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.9:49732 -> 104.102.49.254:443
    Source: Malware configuration extractorURLs: eaglepawnoy.store
    Source: Malware configuration extractorURLs: studennotediw.store
    Source: Malware configuration extractorURLs: dissapoiznw.store
    Source: Malware configuration extractorURLs: clearancek.site
    Source: Malware configuration extractorURLs: bathdoomgaz.store
    Source: Malware configuration extractorURLs: licendfilteo.site
    Source: Malware configuration extractorURLs: mobbipenju.store
    Source: Malware configuration extractorURLs: spirittunek.store
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewASN Name: AKAMAI-ASUS AKAMAI-ASUS
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=f784b5bde8c11ffa69223944; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type26105Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveThu, 24 Oct 2024 11:02:06 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: clearancek.site
    Source: global trafficDNS traffic detected: DNS query: mobbipenju.store
    Source: global trafficDNS traffic detected: DNS query: eaglepawnoy.store
    Source: global trafficDNS traffic detected: DNS query: dissapoiznw.store
    Source: global trafficDNS traffic detected: DNS query: studennotediw.store
    Source: global trafficDNS traffic detected: DNS query: bathdoomgaz.store
    Source: global trafficDNS traffic detected: DNS query: spirittunek.store
    Source: global trafficDNS traffic detected: DNS query: licendfilteo.site
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: file.exe, 00000000.00000002.1382848976.0000000000E53000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381839490.0000000000E50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381954406.0000000000E52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://clearancek.site/api
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=e
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: file.exe, 00000000.00000003.1381926909.0000000000E89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/6
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: file.exe, 00000000.00000003.1381954406.0000000000E52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: file.exe, 00000000.00000003.1381926909.0000000000E89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: file.exe, 00000000.00000003.1381839490.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.9:49732 version: TLS 1.2

    System Summary

    barindex
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001402280_2_00140228
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001310000_2_00131000
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002530060_2_00253006
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001420300_2_00142030
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001740400_2_00174040
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0017A0D00_2_0017A0D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003021630_2_00302163
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001351600_2_00135160
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013E1A00_2_0013E1A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001371F00_2_001371F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001682D00_2_001682D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001612D00_2_001612D0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002FD2F90_2_002FD2F9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001312F70_2_001312F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013A3000_2_0013A300
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003043140_2_00304314
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013139D0_2_0013139D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013B3A00_2_0013B3A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0030C3F70_2_0030C3F7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001623E00_2_001623E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002144200_2_00214420
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015C4700_2_0015C470
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0014049B0_2_0014049B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001444870_2_00144487
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001664F00_2_001664F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0026255D0_2_0026255D
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001385900_2_00138590
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001335B00_2_001335B0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0014C5F00_2_0014C5F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0016F6200_2_0016F620
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001786520_2_00178652
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013164F0_2_0013164F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001786F00_2_001786F0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013A8500_2_0013A850
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001618600_2_00161860
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003058AD0_2_003058AD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0016E8A00_2_0016E8A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0016B8C00_2_0016B8C0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015098B0_2_0015098B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001789A00_2_001789A0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002EF9CC0_2_002EF9CC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00174A400_2_00174A40
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001D6A6F0_2_001D6A6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00178A800_2_00178A80
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00177AB00_2_00177AB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0014DB6F0_2_0014DB6F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00137BF00_2_00137BF0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00178C020_2_00178C02
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00176CBF0_2_00176CBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00225C9B0_2_00225C9B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015CCD00_2_0015CCD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015FD100_2_0015FD10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015DD290_2_0015DD29
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00158D620_2_00158D62
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00215D580_2_00215D58
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_002FEDB70_2_002FEDB7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00144E2A0_2_00144E2A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0015AE570_2_0015AE57
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00178E700_2_00178E70
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013BEB00_2_0013BEB0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00146EBF0_2_00146EBF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_001F5EE10_2_001F5EE1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0013AF100_2_0013AF10
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00138FD00_2_00138FD0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00177FC00_2_00177FC0
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0013CAA0 appears 48 times
    Source: C:\Users\user\Desktop\file.exeCode function: String function: 0014D300 appears 152 times
    Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
    Source: file.exeStatic PE information: Section: ZLIB complexity 0.9995229991749175
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00168220 CoCreateInstance,0_2_00168220
    Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: file.exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: file.exeString found in binary or memory: lRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeh
    Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winmm.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\file.exeSection loaded: dpapi.dllJump to behavior
    Source: file.exeStatic file information: File size 2949120 > 1048576
    Source: file.exeStatic PE information: Raw size of tlyflxfh is bigger than: 0x100000 < 0x2a6a00

    Data Obfuscation

    barindex
    Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.130000.0.unpack :EW;.rsrc :W;.idata :W;tlyflxfh:EW;iplnhqea:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;tlyflxfh:EW;iplnhqea:EW;.taggant:EW;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .taggant
    Source: file.exeStatic PE information: real checksum: 0x2d826a should be: 0x2dc956
    Source: file.exeStatic PE information: section name:
    Source: file.exeStatic PE information: section name: .rsrc
    Source: file.exeStatic PE information: section name: .idata
    Source: file.exeStatic PE information: section name: tlyflxfh
    Source: file.exeStatic PE information: section name: iplnhqea
    Source: file.exeStatic PE information: section name: .taggant
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0025C007 push esi; mov dword ptr [esp], ecx0_2_0025C024
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push 63675FD1h; mov dword ptr [esp], ebp0_2_00253021
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push 4A58192Ah; mov dword ptr [esp], ebp0_2_002530E0
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push 130963F2h; mov dword ptr [esp], esi0_2_0025317F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push ebx; mov dword ptr [esp], 519C0F0Ch0_2_002531BD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push edx; mov dword ptr [esp], 56585204h0_2_00253218
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push eax; mov dword ptr [esp], ebx0_2_0025326C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00253006 push 777308F1h; mov dword ptr [esp], ecx0_2_0025327E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DA044 push 7A8237A1h; mov dword ptr [esp], esi0_2_003D9FE7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DA0D8 push ecx; mov dword ptr [esp], ebp0_2_003DAA16
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DF17B push 09EAF5E8h; mov dword ptr [esp], ebp0_2_003DF672
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_003DF17B push 4A26E623h; mov dword ptr [esp], eax0_2_003DF68C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00314178 push ebx; mov dword ptr [esp], eax0_2_003147F9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ecx; mov dword ptr [esp], ebp0_2_0030216E
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push 156F5182h; mov dword ptr [esp], eax0_2_003021E6
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push eax; mov dword ptr [esp], 66FDEDBDh0_2_003021EB
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebp; mov dword ptr [esp], 60119EAAh0_2_00302260
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push edi; mov dword ptr [esp], ebx0_2_003022A4
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebp; mov dword ptr [esp], edx0_2_003022DF
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebx; mov dword ptr [esp], ecx0_2_003023C7
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push 4207D5BDh; mov dword ptr [esp], eax0_2_003023D9
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebp; mov dword ptr [esp], ecx0_2_00302512
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push 448D96FEh; mov dword ptr [esp], esi0_2_0030255B
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push edx; mov dword ptr [esp], ecx0_2_003025CD
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebx; mov dword ptr [esp], 298F8EA1h0_2_0030266C
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ecx; mov dword ptr [esp], 16E22E44h0_2_00302733
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebx; mov dword ptr [esp], 7FFAE112h0_2_0030273F
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push 3EF24FA8h; mov dword ptr [esp], eax0_2_003027AC
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push 12084BBAh; mov dword ptr [esp], eax0_2_0030283A
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push edi; mov dword ptr [esp], ecx0_2_00302861
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00302163 push ebp; mov dword ptr [esp], ebx0_2_003028B6
    Source: file.exeStatic PE information: section name: entropy: 7.9800275105669884

    Boot Survival

    barindex
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: RegmonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\file.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior

    Malware Analysis System Evasion

    barindex
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_CURRENT_USER\Software\WineJump to behavior
    Source: C:\Users\user\Desktop\file.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30DA57 second address: 30DA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F92C0FBDBDAh 0x0000000c push esi 0x0000000d pop esi 0x0000000e push edi 0x0000000f pop edi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 jnp 00007F92C0FBDBE2h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30DA7C second address: 30DA83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311F86 second address: 311F8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311F8A second address: 311F8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311F8E second address: 311F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311F96 second address: 311FA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F92C1085876h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311FA0 second address: 311FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311FA4 second address: 311FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F92C1085884h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311FC1 second address: 311FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b js 00007F92C0FBDBD6h 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jmp 00007F92C0FBDBE0h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311FE9 second address: 311FED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 311FED second address: 31201E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F92C0FBDBE5h 0x0000000b push edi 0x0000000c jmp 00007F92C0FBDBE3h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 312528 second address: 312544 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F92C108587Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F92C1085876h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 31267A second address: 31267E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 31267E second address: 312682 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315AE6 second address: 315AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F92C0FBDBDCh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315BEF second address: 315C2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085889h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F92C1085883h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jc 00007F92C1085880h 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315C2E second address: 315C56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 jc 00007F92C0FBDBE2h 0x0000000e jmp 00007F92C0FBDBDCh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 pushad 0x00000018 pushad 0x00000019 jno 00007F92C0FBDBD6h 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315D1C second address: 315D8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085886h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov dword ptr [ebp+122D31D3h], eax 0x00000012 push 00000000h 0x00000014 mov dl, 54h 0x00000016 call 00007F92C1085879h 0x0000001b pushad 0x0000001c push esi 0x0000001d jng 00007F92C1085876h 0x00000023 pop esi 0x00000024 jmp 00007F92C108587Dh 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c jmp 00007F92C108587Ch 0x00000031 pop eax 0x00000032 mov eax, dword ptr [esp+04h] 0x00000036 push eax 0x00000037 push edx 0x00000038 jmp 00007F92C1085885h 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315D8D second address: 315DB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c jmp 00007F92C0FBDBE3h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 jl 00007F92C0FBDBD6h 0x0000001e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315DB9 second address: 315DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315DBD second address: 315E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 js 00007F92C0FBDBD6h 0x0000000d pop ebx 0x0000000e popad 0x0000000f pop eax 0x00000010 mov dword ptr [ebp+122D3A05h], edi 0x00000016 push 00000003h 0x00000018 mov esi, dword ptr [ebp+122D3A74h] 0x0000001e push 00000000h 0x00000020 mov edi, dword ptr [ebp+122D2037h] 0x00000026 push 00000003h 0x00000028 mov ecx, dword ptr [ebp+122D3009h] 0x0000002e clc 0x0000002f call 00007F92C0FBDBD9h 0x00000034 pushad 0x00000035 pushad 0x00000036 jno 00007F92C0FBDBD6h 0x0000003c pushad 0x0000003d popad 0x0000003e popad 0x0000003f jg 00007F92C0FBDBD8h 0x00000045 popad 0x00000046 push eax 0x00000047 jmp 00007F92C0FBDBDBh 0x0000004c mov eax, dword ptr [esp+04h] 0x00000050 push eax 0x00000051 push edx 0x00000052 jmp 00007F92C0FBDBDEh 0x00000057 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 315E29 second address: 315E33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F92C1085876h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE26 second address: 30BE2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE2C second address: 30BE30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE30 second address: 30BE3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE3B second address: 30BE57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C108587Dh 0x00000009 jbe 00007F92C1085876h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE57 second address: 30BE61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F92C0FBDBD6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE61 second address: 30BE65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE65 second address: 30BE88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F92C0FBDBDBh 0x00000010 popad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push esi 0x00000015 jne 00007F92C0FBDBD6h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE88 second address: 30BE8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE8D second address: 30BE93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE93 second address: 30BE9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F92C1085876h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30BE9D second address: 30BEA7 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F92C0FBDBD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 333DE8 second address: 333E01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F92C108587Ch 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3340CD second address: 3340D9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F92C0FBDBD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3340D9 second address: 3340E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F92C1085876h 0x0000000a jbe 00007F92C1085876h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3340E9 second address: 3340ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334327 second address: 33432B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33432B second address: 334339 instructions: 0x00000000 rdtsc 0x00000002 je 00007F92C0FBDBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334339 second address: 33433D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33433D second address: 334341 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33446E second address: 33447B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F92C1085876h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33461D second address: 334621 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334621 second address: 334625 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334789 second address: 33478F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33478F second address: 334794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334794 second address: 3347A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jnc 00007F92C0FBDBD6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334A38 second address: 334A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334A3C second address: 334A41 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334A41 second address: 334A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334BAF second address: 334BB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334D46 second address: 334D50 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F92C108587Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32CE78 second address: 32CE7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32CE7E second address: 32CE97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F92C1085884h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 334EFC second address: 334F02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33564A second address: 335660 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007F92C1085876h 0x00000009 jno 00007F92C1085876h 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3358F3 second address: 3358F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3358F9 second address: 3358FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 337F77 second address: 337F8E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F92C0FBDBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F92C0FBDBDDh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 337F8E second address: 337F97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 33B2A2 second address: 33B2B1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3413F6 second address: 3413FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3413FB second address: 341401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 341401 second address: 34140A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 340834 second address: 340851 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBE9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34127C second address: 341280 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 342BE6 second address: 342BFC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F92C0FBDBDEh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 342BFC second address: 342C13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jp 00007F92C1085876h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 342DC1 second address: 342DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBE2h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F92C0FBDBD6h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 342DE0 second address: 342DF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 342ECD second address: 342EF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F92C0FBDBE9h 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 343591 second address: 343595 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 343595 second address: 3435C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007F92C0FBDBD8h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 jmp 00007F92C0FBDBE8h 0x00000016 pop edx 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34400C second address: 344012 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 344995 second address: 344A08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 ja 00007F92C0FBDBF2h 0x0000000f nop 0x00000010 mov di, bx 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push eax 0x00000018 call 00007F92C0FBDBD8h 0x0000001d pop eax 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc eax 0x0000002b push eax 0x0000002c ret 0x0000002d pop eax 0x0000002e ret 0x0000002f push 00000000h 0x00000031 jo 00007F92C0FBDBDBh 0x00000037 mov esi, 494952F3h 0x0000003c mov esi, 75AC6020h 0x00000041 push eax 0x00000042 pushad 0x00000043 pushad 0x00000044 je 00007F92C0FBDBD6h 0x0000004a push ebx 0x0000004b pop ebx 0x0000004c popad 0x0000004d pushad 0x0000004e push eax 0x0000004f push edx 0x00000050 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3459E2 second address: 345A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F92C1085876h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jmp 00007F92C1085884h 0x00000012 nop 0x00000013 mov dword ptr [ebp+122D396Bh], ebx 0x00000019 push 00000000h 0x0000001b adc di, 65CAh 0x00000020 clc 0x00000021 push 00000000h 0x00000023 mov dword ptr [ebp+12455C07h], eax 0x00000029 xchg eax, ebx 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F92C1085881h 0x00000031 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 345A2E second address: 345A38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F92C0FBDBD6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 345A38 second address: 345A62 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085886h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F92C108587Bh 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34622D second address: 346233 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 346233 second address: 346237 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 346D58 second address: 346D5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347B43 second address: 347B9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 jo 00007F92C1085876h 0x0000000c pop esi 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 jno 00007F92C1085876h 0x00000017 sbb si, EF30h 0x0000001c push 00000000h 0x0000001e xor esi, 01976894h 0x00000024 mov dword ptr [ebp+122D39A2h], edx 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ecx 0x0000002f call 00007F92C1085878h 0x00000034 pop ecx 0x00000035 mov dword ptr [esp+04h], ecx 0x00000039 add dword ptr [esp+04h], 0000001Ch 0x00000041 inc ecx 0x00000042 push ecx 0x00000043 ret 0x00000044 pop ecx 0x00000045 ret 0x00000046 xchg eax, ebx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b jp 00007F92C1085876h 0x00000051 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 346D5C second address: 346D6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F92C0FBDBDCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347B9E second address: 347BA2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347BA2 second address: 347BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 347BA8 second address: 347BB2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F92C108587Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3495AF second address: 3495B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3495B7 second address: 3495BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34832F second address: 348333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 349BA0 second address: 349BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34D6FD second address: 34D702 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34F61A second address: 34F639 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085883h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34F639 second address: 34F63F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34F63F second address: 34F645 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 351734 second address: 35174B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F92C0FBDBE3h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34F7F8 second address: 34F7FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 353788 second address: 35378C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 352934 second address: 3529B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F92C1085878h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F92C1085878h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 push dword ptr fs:[00000000h] 0x0000002f push esi 0x00000030 add edi, dword ptr [ebp+122D33F1h] 0x00000036 pop ebx 0x00000037 mov dword ptr fs:[00000000h], esp 0x0000003e mov ebx, dword ptr [ebp+122D39D2h] 0x00000044 mov eax, dword ptr [ebp+122D1335h] 0x0000004a push 00000000h 0x0000004c push ebx 0x0000004d call 00007F92C1085878h 0x00000052 pop ebx 0x00000053 mov dword ptr [esp+04h], ebx 0x00000057 add dword ptr [esp+04h], 00000017h 0x0000005f inc ebx 0x00000060 push ebx 0x00000061 ret 0x00000062 pop ebx 0x00000063 ret 0x00000064 cmc 0x00000065 push FFFFFFFFh 0x00000067 jo 00007F92C108587Ch 0x0000006d mov ebx, dword ptr [ebp+122D1D69h] 0x00000073 mov bx, dx 0x00000076 push eax 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a push eax 0x0000007b push edx 0x0000007c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3529B9 second address: 3529BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35691E second address: 356924 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 356924 second address: 356928 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3578FF second address: 357911 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F92C1085876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 357911 second address: 357915 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 357915 second address: 35791B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35791B second address: 35792C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F92C0FBDBDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35A727 second address: 35A72D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35A72D second address: 35A733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35A733 second address: 35A7BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F92C108587Dh 0x0000000e nop 0x0000000f call 00007F92C1085886h 0x00000014 sub ebx, 36FE7F0Eh 0x0000001a pop ebx 0x0000001b push 00000000h 0x0000001d mov dword ptr [ebp+122D3932h], ecx 0x00000023 push 00000000h 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007F92C1085878h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 00000018h 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f mov di, si 0x00000042 xchg eax, esi 0x00000043 jng 00007F92C108588Bh 0x00000049 jmp 00007F92C1085885h 0x0000004e push eax 0x0000004f jo 00007F92C1085880h 0x00000055 pushad 0x00000056 push eax 0x00000057 push edx 0x00000058 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 357B06 second address: 357B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 357B0A second address: 357BBA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085882h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F92C1085888h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 mov di, 1D66h 0x00000016 mov bl, 3Ah 0x00000018 push dword ptr fs:[00000000h] 0x0000001f sub dword ptr [ebp+122D246Eh], edx 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c xor ebx, dword ptr [ebp+122D2DD1h] 0x00000032 mov eax, dword ptr [ebp+122D1315h] 0x00000038 push 00000000h 0x0000003a push edi 0x0000003b call 00007F92C1085878h 0x00000040 pop edi 0x00000041 mov dword ptr [esp+04h], edi 0x00000045 add dword ptr [esp+04h], 0000001Ch 0x0000004d inc edi 0x0000004e push edi 0x0000004f ret 0x00000050 pop edi 0x00000051 ret 0x00000052 pushad 0x00000053 mov si, bx 0x00000056 jno 00007F92C108587Bh 0x0000005c popad 0x0000005d push FFFFFFFFh 0x0000005f movsx edi, di 0x00000062 push eax 0x00000063 pushad 0x00000064 jg 00007F92C1085889h 0x0000006a push eax 0x0000006b push edx 0x0000006c pushad 0x0000006d popad 0x0000006e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 356AD1 second address: 356AE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F92C0FBDBE4h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 358A93 second address: 358A97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 358A97 second address: 358A9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 359984 second address: 3599A8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F92C108587Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007F92C108587Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35C907 second address: 35C90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35C90C second address: 35C912 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35C912 second address: 35C916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 355B56 second address: 355B62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35BA19 second address: 35BA1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 35A93B second address: 35AA02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 movsx ebx, bx 0x00000009 push dword ptr fs:[00000000h] 0x00000010 mov edi, dword ptr [ebp+122D2E09h] 0x00000016 jl 00007F92C1085878h 0x0000001c mov edi, ecx 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push ebx 0x00000028 call 00007F92C1085878h 0x0000002d pop ebx 0x0000002e mov dword ptr [esp+04h], ebx 0x00000032 add dword ptr [esp+04h], 00000016h 0x0000003a inc ebx 0x0000003b push ebx 0x0000003c ret 0x0000003d pop ebx 0x0000003e ret 0x0000003f xor ebx, 651A3C3Dh 0x00000045 mov bx, cx 0x00000048 mov eax, dword ptr [ebp+122D0145h] 0x0000004e mov edi, dword ptr [ebp+122D395Ah] 0x00000054 push FFFFFFFFh 0x00000056 call 00007F92C1085884h 0x0000005b or dword ptr [ebp+12452BB2h], esi 0x00000061 pop edi 0x00000062 call 00007F92C1085885h 0x00000067 push ebx 0x00000068 jmp 00007F92C1085881h 0x0000006d pop edi 0x0000006e pop ebx 0x0000006f nop 0x00000070 jmp 00007F92C1085886h 0x00000075 push eax 0x00000076 pushad 0x00000077 jc 00007F92C1085878h 0x0000007d pushad 0x0000007e popad 0x0000007f push eax 0x00000080 push edx 0x00000081 jp 00007F92C1085876h 0x00000087 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 362D7F second address: 362D94 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F92C0FBDBD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push edx 0x0000000c pop edx 0x0000000d pop edi 0x0000000e popad 0x0000000f push eax 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pop edx 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3662EF second address: 3662FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3662FA second address: 3662FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 305255 second address: 305259 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3659C4 second address: 3659EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jnc 00007F92C0FBDBD6h 0x0000000c jmp 00007F92C0FBDBE8h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365B6D second address: 365B84 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085882h 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365B84 second address: 365BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F92C0FBDBD6h 0x00000013 jmp 00007F92C0FBDBE6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365BAD second address: 365BCF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085880h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F92C108587Ah 0x00000011 pop ecx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365BCF second address: 365BD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365BD7 second address: 365BDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365E5D second address: 365E7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F92C0FBDBE9h 0x00000008 push esi 0x00000009 pop esi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365E7F second address: 365E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnc 00007F92C1085876h 0x0000000d jmp 00007F92C108587Bh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 365E97 second address: 365E9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 369FA5 second address: 369FDF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085886h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F92C1085885h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36A0A9 second address: 36A0C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jnp 00007F92C0FBDBD6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F92C0FBDBD6h 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36A0C1 second address: 36A0F7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F92C1085882h 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F92C1085887h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36A0F7 second address: 36A109 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F92C0FBDBDEh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36A109 second address: 36A10D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36A10D second address: 36A132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push edi 0x0000000b jmp 00007F92C0FBDBE1h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push ebx 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 36A1E0 second address: 36A1F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C108587Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 308937 second address: 308969 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F92C0FBDBDAh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F92C0FBDBDCh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 jmp 00007F92C0FBDBDEh 0x00000019 pushad 0x0000001a jc 00007F92C0FBDBD6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 308969 second address: 30896F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37240E second address: 372413 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 371FC5 second address: 371FCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 371FCA second address: 371FD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 372127 second address: 37212D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 373A50 second address: 373A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 373A54 second address: 373A58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 373A58 second address: 373A64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F92C0FBDBD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 373A64 second address: 373A74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F92C108587Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 373A74 second address: 373A78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 373A78 second address: 373A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37678A second address: 376790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37BF14 second address: 37BF1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37BF1A second address: 37BF25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F92C0FBDBD6h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37BF25 second address: 37BF58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jnl 00007F92C1085876h 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop eax 0x0000000c jnl 00007F92C1085882h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 jmp 00007F92C108587Fh 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AAC3 second address: 37AACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AACB second address: 37AAD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AAD6 second address: 37AADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AADA second address: 37AAE6 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F92C1085876h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AAE6 second address: 37AAF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F92C0FBDBD6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AAF2 second address: 37AAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AAF6 second address: 37AB25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBDBh 0x00000007 ja 00007F92C0FBDBD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 ja 00007F92C0FBDBE2h 0x00000018 jns 00007F92C0FBDBD6h 0x0000001e js 00007F92C0FBDBD6h 0x00000024 pushad 0x00000025 pushad 0x00000026 popad 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AB25 second address: 37AB2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AB2D second address: 37AB53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBE8h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37ACA7 second address: 37ACAF instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37AF75 second address: 37AF9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBDBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jno 00007F92C0FBDBD6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007F92C0FBDBDBh 0x00000019 popad 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B232 second address: 37B24B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pop eax 0x00000008 popad 0x00000009 push ebx 0x0000000a jo 00007F92C1085876h 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007F92C1085876h 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B24B second address: 37B273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F92C0FBDBD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F92C0FBDBE9h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B3F3 second address: 37B3F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B952 second address: 37B96B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBE0h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B96B second address: 37B974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B974 second address: 37B97E instructions: 0x00000000 rdtsc 0x00000002 jp 00007F92C0FBDBDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37B97E second address: 37B9A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F92C1085885h 0x0000000d jmp 00007F92C108587Bh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 32D91B second address: 32D91F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37A629 second address: 37A645 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085888h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37A645 second address: 37A64B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37A64B second address: 37A660 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jns 00007F92C1085876h 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37F659 second address: 37F65D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37F65D second address: 37F678 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jl 00007F92C1085876h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F92C108587Bh 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37F678 second address: 37F67C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34B700 second address: 32CE78 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F92C1085876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F92C1085878h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000019h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 jl 00007F92C1085876h 0x0000002e call dword ptr [ebp+122D39F4h] 0x00000034 push ebx 0x00000035 jmp 00007F92C1085888h 0x0000003a pop ebx 0x0000003b push eax 0x0000003c push edx 0x0000003d push edi 0x0000003e push eax 0x0000003f push edx 0x00000040 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34BD61 second address: 34BD65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34BE1A second address: 34BEA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 add dword ptr [esp], 0E9FB7C2h 0x0000000e push 00000000h 0x00000010 push esi 0x00000011 call 00007F92C1085878h 0x00000016 pop esi 0x00000017 mov dword ptr [esp+04h], esi 0x0000001b add dword ptr [esp+04h], 0000001Dh 0x00000023 inc esi 0x00000024 push esi 0x00000025 ret 0x00000026 pop esi 0x00000027 ret 0x00000028 sub dword ptr [ebp+1246780Dh], eax 0x0000002e call 00007F92C1085879h 0x00000033 push ecx 0x00000034 pushad 0x00000035 jmp 00007F92C1085882h 0x0000003a jmp 00007F92C108587Bh 0x0000003f popad 0x00000040 pop ecx 0x00000041 push eax 0x00000042 pushad 0x00000043 jmp 00007F92C1085885h 0x00000048 push eax 0x00000049 push edx 0x0000004a jmp 00007F92C1085883h 0x0000004f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34BEA9 second address: 34BEAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34BEAD second address: 34BED0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F92C1085886h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34BED0 second address: 34BEDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F92C0FBDBD6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34BEDA second address: 34BEF9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F92C1085876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e pushad 0x0000000f jbe 00007F92C1085878h 0x00000015 jnl 00007F92C108587Ch 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34C241 second address: 34C245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34C883 second address: 34C888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34CB34 second address: 34CB42 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 34CB42 second address: 32D91B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085880h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D3939h], ecx 0x00000011 mov dword ptr [ebp+122D1D69h], ebx 0x00000017 lea eax, dword ptr [ebp+1248B42Fh] 0x0000001d adc dx, 37C9h 0x00000022 push eax 0x00000023 jmp 00007F92C1085888h 0x00000028 mov dword ptr [esp], eax 0x0000002b jmp 00007F92C108587Bh 0x00000030 call dword ptr [ebp+122D33E5h] 0x00000036 pushad 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37FBAD second address: 37FBB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F92C0FBDBD6h 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37FBB8 second address: 37FBC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F92C108587Ah 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37FBC9 second address: 37FBD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 37FBD2 second address: 37FBE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C1085883h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 380281 second address: 38028B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F92C0FBDBD6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 384A10 second address: 384A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 384A18 second address: 384A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBE4h 0x00000009 popad 0x0000000a popad 0x0000000b push esi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 384794 second address: 3847B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C1085887h 0x00000009 popad 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3847B3 second address: 3847B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3847B8 second address: 3847BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3847BE second address: 3847C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3856DF second address: 3856E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3856E6 second address: 3856EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38C9C3 second address: 38C9C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38C9C9 second address: 38C9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e jmp 00007F92C0FBDBDAh 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38C9E7 second address: 38C9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38C9EB second address: 38C9EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30A349 second address: 30A35F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085880h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 30A35F second address: 30A363 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F0EA second address: 38F102 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F92C1085876h 0x0000000a popad 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 js 00007F92C1085876h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F3D7 second address: 38F3E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F92C0FBDBD6h 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F3E6 second address: 38F3EC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F3EC second address: 38F3F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F594 second address: 38F5B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085882h 0x00000007 jne 00007F92C1085876h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F5B0 second address: 38F5B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F5B5 second address: 38F5D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F92C1085880h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push ecx 0x00000010 push edi 0x00000011 pop edi 0x00000012 pop ecx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 38F5D6 second address: 38F5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBDFh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39354A second address: 39356E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C1085887h 0x00000009 popad 0x0000000a jg 00007F92C108587Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39356E second address: 393576 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39321D second address: 393245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C1085881h 0x00000009 jmp 00007F92C108587Dh 0x0000000e popad 0x0000000f pushad 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 394BF1 second address: 394C0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBE1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 399E8B second address: 399EA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C108587Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39A2EB second address: 39A323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 jmp 00007F92C0FBDBE2h 0x0000000e pushad 0x0000000f je 00007F92C0FBDBD6h 0x00000015 jmp 00007F92C0FBDBDDh 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jng 00007F92C0FBDBD6h 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39B01B second address: 39B055 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085886h 0x00000007 jnp 00007F92C1085876h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F92C1085888h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E75E second address: 39E764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E764 second address: 39E77D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C1085883h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E77D second address: 39E782 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E782 second address: 39E788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E788 second address: 39E7C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F92C0FBDBE8h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 jnc 00007F92C0FBDBE2h 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39E901 second address: 39E914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F92C1085876h 0x0000000a pushad 0x0000000b popad 0x0000000c ja 00007F92C1085876h 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39ED05 second address: 39ED11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F92C0FBDBD6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 39ED11 second address: 39ED17 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A5CEA second address: 3A5D00 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F92C0FBDBD6h 0x00000008 jns 00007F92C0FBDBD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A5FD3 second address: 3A5FE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C108587Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A656A second address: 3A6570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A6570 second address: 3A6574 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A6B2C second address: 3A6B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A6B35 second address: 3A6B3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F92C1085876h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A6B3F second address: 3A6B55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBDCh 0x00000007 jnl 00007F92C0FBDBD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A6B55 second address: 3A6B74 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F92C1085882h 0x00000008 push ebx 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A7047 second address: 3A704B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A704B second address: 3A705F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F92C1085876h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007F92C1085876h 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3A705F second address: 3A7068 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AEE17 second address: 3AEE1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF093 second address: 3AF0F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBE8h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F92C0FBDBE8h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F92C0FBDBD6h 0x00000019 jmp 00007F92C0FBDBE0h 0x0000001e popad 0x0000001f pushad 0x00000020 push esi 0x00000021 pop esi 0x00000022 push esi 0x00000023 pop esi 0x00000024 pushad 0x00000025 popad 0x00000026 popad 0x00000027 popad 0x00000028 pushad 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF0F0 second address: 3AF129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 jmp 00007F92C1085886h 0x0000000c pushad 0x0000000d jmp 00007F92C1085889h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF39E second address: 3AF3BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F92C0FBDBD6h 0x0000000a pop ecx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F92C0FBDBDFh 0x00000013 pop ebx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF516 second address: 3AF51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF51A second address: 3AF536 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F92C0FBDBD6h 0x00000008 jmp 00007F92C0FBDBE2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF536 second address: 3AF569 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C108587Dh 0x00000007 jmp 00007F92C1085883h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 jo 00007F92C1085876h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3AF569 second address: 3AF577 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B70C2 second address: 3B70E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007F92C108587Eh 0x0000000b jnl 00007F92C1085876h 0x00000011 popad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007F92C1085876h 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B70E6 second address: 3B70EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B70EC second address: 3B7100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F92C108587Ch 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B7100 second address: 3B7104 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B7104 second address: 3B710F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B53DC second address: 3B53E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B53E2 second address: 3B53E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B53E6 second address: 3B53FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jbe 00007F92C0FBDBE2h 0x0000000e jo 00007F92C0FBDBD6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B581E second address: 3B5823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B5ADD second address: 3B5AE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B5AE1 second address: 3B5AF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F92C108587Ah 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B5DB8 second address: 3B5DC2 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F92C0FBDBDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3B5F54 second address: 3B5F7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F92C1085876h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jns 00007F92C1085876h 0x00000014 js 00007F92C1085876h 0x0000001a jne 00007F92C1085876h 0x00000020 popad 0x00000021 jnp 00007F92C1085886h 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3BE619 second address: 3BE61E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD13B second address: 3CD15F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F92C1085876h 0x00000008 jno 00007F92C1085876h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edi 0x00000011 pushad 0x00000012 jng 00007F92C108587Eh 0x00000018 je 00007F92C1085876h 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3CD15F second address: 3CD178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBE5h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDE48 second address: 3DDE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F92C1085876h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDC84 second address: 3DDCA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 jmp 00007F92C0FBDBE7h 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDCA2 second address: 3DDCA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDCA8 second address: 3DDCAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDCAC second address: 3DDCBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jc 00007F92C1085876h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDCBD second address: 3DDCF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push ecx 0x00000008 push ecx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F92C0FBDBE7h 0x00000015 jmp 00007F92C0FBDBE4h 0x0000001a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3DDCF8 second address: 3DDCFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3DFF second address: 3E3E22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C0FBDBE3h 0x00000009 popad 0x0000000a jmp 00007F92C0FBDBDBh 0x0000000f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3E22 second address: 3E3E41 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jnl 00007F92C1085882h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3E41 second address: 3E3E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3E47 second address: 3E3E4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3FB2 second address: 3E3FBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F92C0FBDBD6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3FBC second address: 3E3FD1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F92C108587Fh 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E3FD1 second address: 3E3FD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3E4D0D second address: 3E4D13 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EB01D second address: 3EB027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F92C0FBDBD6h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EB027 second address: 3EB039 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c jns 00007F92C1085876h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EABF0 second address: 3EABFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEE99 second address: 3EEE9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEE9F second address: 3EEEA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEEA5 second address: 3EEEE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push esi 0x00000006 pop esi 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a jnc 00007F92C1085878h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F92C1085886h 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F92C1085880h 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEEE5 second address: 3EEEF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F92C0FBDBD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEEF1 second address: 3EEF04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F92C108587Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3EEF04 second address: 3EEF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F92C0FBDBD6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F92C0FBDBDDh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F7945 second address: 3F7960 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F92C1085885h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F7960 second address: 3F7965 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F7965 second address: 3F799F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F92C1085888h 0x00000009 jo 00007F92C1085876h 0x0000000f popad 0x00000010 push eax 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop eax 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 jmp 00007F92C108587Dh 0x0000001e pop eax 0x0000001f rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F799F second address: 3F79A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 3F79A7 second address: 3F79B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CCFD second address: 40CD12 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F92C0FBDBDAh 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 40CD12 second address: 40CD16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 421782 second address: 42178E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F92C0FBDBD6h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 424ED3 second address: 424F34 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F92C1085878h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jmp 00007F92C1085886h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 jmp 00007F92C1085886h 0x00000017 pushad 0x00000018 push eax 0x00000019 pop eax 0x0000001a jmp 00007F92C108587Dh 0x0000001f popad 0x00000020 jmp 00007F92C1085883h 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 popad 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4253BA second address: 4253CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b popad 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4253CA second address: 4253EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F92C1085887h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 425556 second address: 425562 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jg 00007F92C0FBDBD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 425562 second address: 425567 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 425880 second address: 425886 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 425B0F second address: 425B23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F92C1085880h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 428A7D second address: 428A82 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 428D42 second address: 428D5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F92C108587Bh 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 428D5C second address: 428D60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 428D60 second address: 428D64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 428D64 second address: 428D83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F92C0FBDBE7h 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429029 second address: 429075 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F92C108587Ch 0x0000000b popad 0x0000000c push eax 0x0000000d jnc 00007F92C1085894h 0x00000013 nop 0x00000014 push dword ptr [ebp+122D2AD3h] 0x0000001a mov dh, ah 0x0000001c push 744F18A5h 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429075 second address: 429079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 429079 second address: 429083 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F92C1085876h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 42A2E6 second address: 42A2F2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F92C0FBDBD6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0CE6 second address: 4CD0CFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C1085881h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0CFB second address: 4CD0D00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0D00 second address: 4CD0D18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dl, FFh 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F92C108587Bh 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0D18 second address: 4CD0D7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, 60B02A6Ah 0x00000008 pushfd 0x00000009 jmp 00007F92C0FBDBDBh 0x0000000e jmp 00007F92C0FBDBE3h 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 jns 00007F92C0FBDC19h 0x0000001d jmp 00007F92C0FBDBE6h 0x00000022 add eax, ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F92C0FBDBE7h 0x0000002b rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0D7A second address: 4CD0D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0D80 second address: 4CD0D84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0D84 second address: 4CD0D9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax+00000860h] 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F92C108587Ah 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0D9E second address: 4CD0DC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBDBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test eax, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F92C0FBDBE5h 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0DC6 second address: 4CD0DE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F933177B807h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F92C108587Bh 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0DE1 second address: 4CD0E08 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F92C0FBDBE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test byte ptr [eax+04h], 00000005h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0E08 second address: 4CD0E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4CD0E0C second address: 4CD0E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 3399A9 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeSpecial instruction interceptor: First address: 362DFE instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 7840Thread sleep time: -30000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\file.exe TID: 7840Thread sleep time: -30000s >= -30000sJump to behavior
    Source: file.exe, file.exe, 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: file.exe, 00000000.00000003.1381839490.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382848976.0000000000E5D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382848976.0000000000E79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381954406.0000000000E79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381839490.0000000000E79000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: file.exe, 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: file.exe, 00000000.00000002.1382752210.0000000000DFE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Source: C:\Users\user\Desktop\file.exeThread information set: HideFromDebuggerJump to behavior
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\file.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\file.exeFile opened: NTICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SICE
    Source: C:\Users\user\Desktop\file.exeFile opened: SIWVID
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00175BB0 LdrInitializeThunk,0_2_00175BB0

    HIPS / PFW / Operating System Protection Evasion

    barindex
    Source: file.exeString found in binary or memory: clearancek.site
    Source: file.exeString found in binary or memory: licendfilteo.site
    Source: file.exeString found in binary or memory: spirittunek.store
    Source: file.exeString found in binary or memory: bathdoomgaz.store
    Source: file.exeString found in binary or memory: studennotediw.store
    Source: file.exeString found in binary or memory: dissapoiznw.store
    Source: file.exeString found in binary or memory: eaglepawnoy.store
    Source: file.exeString found in binary or memory: mobbipenju.store
    Source: file.exe, file.exe, 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpBinary or memory string: Program Manager
    Source: C:\Users\user\Desktop\file.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR
    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts2
    Command and Scripting Interpreter
    1
    DLL Side-Loading
    1
    Process Injection
    24
    Virtualization/Sandbox Evasion
    OS Credential Dumping631
    Security Software Discovery
    Remote Services1
    Archive Collected Data
    11
    Encrypted Channel
    Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault Accounts1
    PowerShell
    Boot or Logon Initialization Scripts1
    DLL Side-Loading
    1
    Process Injection
    LSASS Memory24
    Virtualization/Sandbox Evasion
    Remote Desktop ProtocolData from Removable Media1
    Ingress Tool Transfer
    Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)11
    Deobfuscate/Decode Files or Information
    Security Account Manager2
    Process Discovery
    SMB/Windows Admin SharesData from Network Shared Drive2
    Non-Application Layer Protocol
    Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook4
    Obfuscated Files or Information
    NTDS23
    System Information Discovery
    Distributed Component Object ModelInput Capture113
    Application Layer Protocol
    Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script12
    Software Packing
    LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
    DLL Side-Loading
    Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand
    SourceDetectionScannerLabelLink
    file.exe100%AviraTR/Crypt.TPM.Gen
    file.exe100%Joe Sandbox ML
    No Antivirus matches
    No Antivirus matches
    No Antivirus matches
    SourceDetectionScannerLabelLink
    https://player.vimeo.com0%URL Reputationsafe
    https://help.steampowered.com/en/0%URL Reputationsafe
    https://store.steampowered.com/news/0%URL Reputationsafe
    https://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://www.gstatic.cn/recaptcha/0%URL Reputationsafe
    http://store.steampowered.com/subscriber_agreement/0%URL Reputationsafe
    https://recaptcha.net/recaptcha/;0%URL Reputationsafe
    http://www.valvesoftware.com/legal.htm0%URL Reputationsafe
    https://store.steampowered.com/stats/0%URL Reputationsafe
    https://medal.tv0%URL Reputationsafe
    https://broadcast.st.dl.eccdnx.com0%URL Reputationsafe
    https://store.steampowered.com/steam_refunds/0%URL Reputationsafe
    https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback0%URL Reputationsafe
    https://login.steampowered.com/0%URL Reputationsafe
    https://store.steampowered.com/legal/0%URL Reputationsafe
    https://steam.tv/0%URL Reputationsafe
    http://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://store.steampowered.com/points/shop/0%URL Reputationsafe
    https://recaptcha.net0%URL Reputationsafe
    https://store.steampowered.com/0%URL Reputationsafe
    https://lv.queniujq.cn0%URL Reputationsafe
    https://store.steampowered.com/privacy_agreement/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=9620160%URL Reputationsafe
    https://checkout.steampowered.com/0%URL Reputationsafe
    https://help.steampowered.com/0%URL Reputationsafe
    https://api.steampowered.com/0%URL Reputationsafe
    http://store.steampowered.com/account/cookiepreferences/0%URL Reputationsafe
    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png0%URL Reputationsafe
    https://store.steampowered.com/mobile0%URL Reputationsafe
    https://store.steampowered.com/;0%URL Reputationsafe
    https://store.steampowered.com/about/0%URL Reputationsafe
    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    104.102.49.254
    truetrue
      unknown
      s-part-0039.t-0009.t-msedge.net
      13.107.246.67
      truefalse
        unknown
        eaglepawnoy.store
        unknown
        unknowntrue
          unknown
          bathdoomgaz.store
          unknown
          unknowntrue
            unknown
            spirittunek.store
            unknown
            unknowntrue
              unknown
              licendfilteo.site
              unknown
              unknowntrue
                unknown
                studennotediw.store
                unknown
                unknowntrue
                  unknown
                  mobbipenju.store
                  unknown
                  unknowntrue
                    unknown
                    clearancek.site
                    unknown
                    unknowntrue
                      unknown
                      dissapoiznw.store
                      unknown
                      unknowntrue
                        unknown
                        NameMaliciousAntivirus DetectionReputation
                        bathdoomgaz.storetrue
                          unknown
                          studennotediw.storetrue
                            unknown
                            clearancek.sitetrue
                              unknown
                              dissapoiznw.storetrue
                                unknown
                                https://steamcommunity.com/profiles/76561199724331900true
                                  unknown
                                  spirittunek.storetrue
                                    unknown
                                    licendfilteo.sitetrue
                                      unknown
                                      eaglepawnoy.storetrue
                                        unknown
                                        mobbipenju.storetrue
                                          unknown
                                          NameSourceMaliciousAntivirus DetectionReputation
                                          https://steamcommunity.com/my/wishlist/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                            unknown
                                            https://player.vimeo.comfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                            • URL Reputation: safe
                                            unknown
                                            https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                              unknown
                                              https://steamcommunity.com/?subsection=broadcastsfile.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                unknown
                                                https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cbcfeb0e5371aba2file.exe, 00000000.00000003.1381926909.0000000000E89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  unknown
                                                  https://help.steampowered.com/en/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  unknown
                                                  https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcVfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                    unknown
                                                    https://steamcommunity.com/market/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      unknown
                                                      https://store.steampowered.com/news/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://www.gstatic.cn/recaptcha/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://store.steampowered.com/subscriber_agreement/file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuXfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://recaptcha.net/recaptcha/;file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            • URL Reputation: safe
                                                            unknown
                                                            https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              unknown
                                                              http://www.valvesoftware.com/legal.htmfile.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://steamcommunity.com/discussions/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://www.youtube.comfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://www.google.comfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://store.steampowered.com/stats/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    unknown
                                                                    https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&amp;l=englisfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      https://medal.tvfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://broadcast.st.dl.eccdnx.comfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      unknown
                                                                      https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&ampfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        unknown
                                                                        https://store.steampowered.com/steam_refunds/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        • URL Reputation: safe
                                                                        unknown
                                                                        https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?vfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          unknown
                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pfile.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            unknown
                                                                            https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackfile.exe, 00000000.00000003.1381839490.0000000000E38000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            • URL Reputation: safe
                                                                            unknown
                                                                            https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              unknown
                                                                              https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                unknown
                                                                                https://s.ytimg.com;file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                  unknown
                                                                                  https://steamcommunity.com/workshop/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    unknown
                                                                                    https://login.steampowered.com/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    unknown
                                                                                    https://steamcommunity.com/6file.exe, 00000000.00000003.1381926909.0000000000E89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      unknown
                                                                                      https://store.steampowered.com/legal/file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://steam.tv/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      • URL Reputation: safe
                                                                                      unknown
                                                                                      https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&amp;l=englfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        unknown
                                                                                        https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&amp;l=file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          unknown
                                                                                          https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BXfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            unknown
                                                                                            https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&amp;file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              unknown
                                                                                              https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&amp;l=english&amfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                unknown
                                                                                                http://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                • URL Reputation: safe
                                                                                                unknown
                                                                                                https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  unknown
                                                                                                  https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&amp;l=englifile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    unknown
                                                                                                    https://store.steampowered.com/points/shop/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://recaptcha.netfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://store.steampowered.com/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    • URL Reputation: safe
                                                                                                    unknown
                                                                                                    https://clearancek.site/apifile.exe, 00000000.00000002.1382848976.0000000000E53000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381839490.0000000000E50000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381954406.0000000000E52000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      unknown
                                                                                                      https://community.cloudflare.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&amp;l=efile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        unknown
                                                                                                        https://steamcommunity.comfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          unknown
                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&amp;file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            unknown
                                                                                                            https://sketchfab.comfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              unknown
                                                                                                              https://lv.queniujq.cnfile.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://www.youtube.com/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                unknown
                                                                                                                http://127.0.0.1:27060file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  unknown
                                                                                                                  https://store.steampowered.com/privacy_agreement/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngfile.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    unknown
                                                                                                                    https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      unknown
                                                                                                                      https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      https://www.google.com/recaptcha/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        unknown
                                                                                                                        https://checkout.steampowered.com/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://help.steampowered.com/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://api.steampowered.com/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28bfile.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          unknown
                                                                                                                          http://store.steampowered.com/account/cookiepreferences/file.exe, 00000000.00000003.1381810961.0000000000EBE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1382752210.0000000000E34000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.pngfile.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://store.steampowered.com/mobilefile.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://steamcommunity.com/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            unknown
                                                                                                                            https://store.steampowered.com/;file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://store.steampowered.com/about/file.exe, 00000000.00000003.1381810961.0000000000EC5000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            unknown
                                                                                                                            https://community.cloudflare.steamstatic.com/file.exe, 00000000.00000002.1382894291.0000000000E89000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              unknown
                                                                                                                              • No. of IPs < 25%
                                                                                                                              • 25% < No. of IPs < 50%
                                                                                                                              • 50% < No. of IPs < 75%
                                                                                                                              • 75% < No. of IPs
                                                                                                                              IPDomainCountryFlagASNASN NameMalicious
                                                                                                                              104.102.49.254
                                                                                                                              steamcommunity.comUnited States
                                                                                                                              16625AKAMAI-ASUStrue
                                                                                                                              Joe Sandbox version:41.0.0 Charoite
                                                                                                                              Analysis ID:1541121
                                                                                                                              Start date and time:2024-10-24 13:01:09 +02:00
                                                                                                                              Joe Sandbox product:CloudBasic
                                                                                                                              Overall analysis duration:0h 2m 42s
                                                                                                                              Hypervisor based Inspection enabled:false
                                                                                                                              Report type:full
                                                                                                                              Cookbook file name:default.jbs
                                                                                                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                              Number of analysed new started processes analysed:2
                                                                                                                              Number of new started drivers analysed:0
                                                                                                                              Number of existing processes analysed:0
                                                                                                                              Number of existing drivers analysed:0
                                                                                                                              Number of injected processes analysed:0
                                                                                                                              Technologies:
                                                                                                                              • HCA enabled
                                                                                                                              • EGA enabled
                                                                                                                              • AMSI enabled
                                                                                                                              Analysis Mode:default
                                                                                                                              Analysis stop reason:Timeout
                                                                                                                              Sample name:file.exe
                                                                                                                              Detection:MAL
                                                                                                                              Classification:mal100.troj.evad.winEXE@1/0@9/1
                                                                                                                              EGA Information:
                                                                                                                              • Successful, ratio: 100%
                                                                                                                              HCA Information:Failed
                                                                                                                              Cookbook Comments:
                                                                                                                              • Found application associated with file extension: .exe
                                                                                                                              • Stop behavior analysis, all processes terminated
                                                                                                                              • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                              • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, otelrules.afd.azureedge.net, azureedge-t-prod.trafficmanager.net
                                                                                                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                              • VT rate limit hit for: file.exe
                                                                                                                              TimeTypeDescription
                                                                                                                              07:02:03API Interceptor4x Sleep call for process: file.exe modified
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                              • www.valvesoftware.com/legal.htm
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              s-part-0039.t-0009.t-msedge.nethttps://chiquitzinbb.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWQxbDZOVGc9JnVpZD1VU0VSMTYxMDIwMjRVMTExMDE2NDc=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              https://chiquitzinbb.com/o/?c3Y9bzM2NV8xX25vbSZyYW5kPWQxbDZOVGc9JnVpZD1VU0VSMTYxMDIwMjRVMTExMDE2NDc=N0123NGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              https://vmcsolvo.prismhrperformance.com/Login.aspx?AppraisalId=6724Get hashmaliciousPhisherBrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              https://t.ly/2jKWOGet hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              PayrolNotificationBenefit_.htmlGet hashmaliciousMamba2FABrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              https://www.pumpproducts.com/goulds-lb0735te-centrifugal-booster-pump-3-4-hp-208-230-460-volts-3-phase-1-1-4-npt-suction-1-npt-discharge-18-gpm-max-176-ft-max-head-5-impeller-tefc-stainless-steel-pump-end-casing.htmlGet hashmaliciousUnknownBrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              1729664815cfbd53c80e923e063654450d871bf5b3718df82433268900e3ec1f0c83395372979.dat-decoded.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              https://login.officefitnesschallenge.com/generate-doc-uid-mkopl4uyg6rde32wsGet hashmaliciousHTMLPhisherBrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              https://zupimages.net/up/24/42/ol13.jpg?d6mSMvU0ZvpGwffnuqPHYMR7NvlxIzVjDfTD4YJjdRSCOccGet hashmaliciousUnknownBrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              http://onlinecheapflights.net/Get hashmaliciousUnknownBrowse
                                                                                                                              • 13.107.246.67
                                                                                                                              steamcommunity.comfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              g4Cyr2T5jq.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              hAyQbTcI0I.exeGet hashmaliciousSocks5SystemzBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              AKAMAI-ASUSfile.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              gNubpp8EFH.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 95.101.248.49
                                                                                                                              atH4SE3Oi6.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 23.199.141.126
                                                                                                                              o2YUBeMZW6.elfGet hashmaliciousMiraiBrowse
                                                                                                                              • 95.101.248.46
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              x86.elfGet hashmaliciousUnknownBrowse
                                                                                                                              • 104.112.59.184
                                                                                                                              botnet.spc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                              • 23.53.38.15
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              g4Cyr2T5jq.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                              a0e9f5d64349fb13191bc781f81f42e1file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              https://is.gd/6NgVrQGet hashmaliciousHTMLPhisherBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              g4Cyr2T5jq.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Stealc, VidarBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaCBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, StealcBrowse
                                                                                                                              • 104.102.49.254
                                                                                                                              No context
                                                                                                                              No created / dropped files found
                                                                                                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                              Entropy (8bit):6.493175237230269
                                                                                                                              TrID:
                                                                                                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                              • DOS Executable Generic (2002/1) 0.02%
                                                                                                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                              File name:file.exe
                                                                                                                              File size:2'949'120 bytes
                                                                                                                              MD5:6a9113565dbd47fd5fbab727070032a1
                                                                                                                              SHA1:06e47eacafb60abe54c9f91617e9e2666cc54ca3
                                                                                                                              SHA256:7249fff68a7631120ae1f98a15f93aac880446f9e392b6e3df1d85504a6db2ad
                                                                                                                              SHA512:abfb95c3e1a0dc4f78ff4f07a605299b5d0561f8ef5b9437cedd518123d2d5ae8fb1757afeed7b053a63cfb0c71a55f8ef330723026412af9bf7036feac7d4c1
                                                                                                                              SSDEEP:49152:y0ZM50tsL0YfW5gBOuEeM1u9ZX5ViqM39HpSSvrUDXc1rHq:rM54sL0YfW5Tufvz61jvwDXCq
                                                                                                                              TLSH:35D54A52E50AB1DFD48E2778C767CE815A3D43B94B3008C39D69F47A6EA3CC512BAD24
                                                                                                                              File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...J..f..............................0...........@...........................0.....j.-...@.................................W...k..
                                                                                                                              Icon Hash:00928e8e8686b000
                                                                                                                              Entrypoint:0x708000
                                                                                                                              Entrypoint Section:.taggant
                                                                                                                              Digitally signed:false
                                                                                                                              Imagebase:0x400000
                                                                                                                              Subsystem:windows gui
                                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                              DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                                                              Time Stamp:0x66FFF14A [Fri Oct 4 13:44:42 2024 UTC]
                                                                                                                              TLS Callbacks:
                                                                                                                              CLR (.Net) Version:
                                                                                                                              OS Version Major:6
                                                                                                                              OS Version Minor:0
                                                                                                                              File Version Major:6
                                                                                                                              File Version Minor:0
                                                                                                                              Subsystem Version Major:6
                                                                                                                              Subsystem Version Minor:0
                                                                                                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                                                              Instruction
                                                                                                                              jmp 00007F92C13CE84Ah
                                                                                                                              pmaxub mm5, qword ptr [eax+eax]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              jmp 00007F92C13D0845h
                                                                                                                              add byte ptr [ebx], cl
                                                                                                                              or al, byte ptr [eax]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], dh
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [edi], bl
                                                                                                                              add byte ptr [eax+000000FEh], ah
                                                                                                                              add byte ptr [edx], ah
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax+eax*4], cl
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              or ecx, dword ptr [edx]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              xor byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax+eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax+eax*4], cl
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              or ecx, dword ptr [edx]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              xor byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              mov byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              and al, byte ptr [eax]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              or dword ptr [eax+00000000h], eax
                                                                                                                              add byte ptr [eax], al
                                                                                                                              adc byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              or ecx, dword ptr [edx]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              xor byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              mov byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              and al, byte ptr [eax]
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add byte ptr [eax], al
                                                                                                                              add dword ptr [eax+00000000h], eax
                                                                                                                              add byte ptr [eax], al
                                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0x5f0570x6b.idata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0x5f1f80x8.idata
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                              0x10000x5d0000x25e0020848574aa10dfcabad3401b2a9ef631False0.9995229991749175data7.9800275105669884IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .rsrc 0x5e0000x10000x0d41d8cd98f00b204e9800998ecf8427eFalse0empty0.0IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .idata 0x5f0000x10000x200fe72def8b74193a84232a780098a7ce0False0.150390625data1.04205214219471IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              tlyflxfh0x600000x2a70000x2a6a00b4810317091b4b3fec607fcea7679d5eunknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              iplnhqea0x3070000x10000x4005822a73d0b87ee5711a438b67333b97eFalse0.7060546875zlib compressed data5.699797238843915IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              .taggant0x3080000x30000x2200d090879b32986852bb3b69274d773ca8False0.05974264705882353DOS executable (COM)0.702399318896432IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                              DLLImport
                                                                                                                              kernel32.dlllstrcpy
                                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                              2024-10-24T13:02:04.424957+02002056471ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site)1192.168.2.9595121.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.439755+02002056485ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store)1192.168.2.9553271.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.453191+02002056483ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store)1192.168.2.9543391.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.464033+02002056481ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store)1192.168.2.9556431.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.478390+02002056479ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store)1192.168.2.9574751.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.491196+02002056477ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store)1192.168.2.9526081.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.502409+02002056475ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store)1192.168.2.9626381.1.1.153UDP
                                                                                                                              2024-10-24T13:02:04.538715+02002056473ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site)1192.168.2.9638121.1.1.153UDP
                                                                                                                              2024-10-24T13:02:06.406845+02002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.949732104.102.49.254443TCP
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 24, 2024 13:02:04.566544056 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:04.566592932 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.566669941 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:04.569644928 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:04.569664001 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:05.432763100 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:05.432837009 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:05.546019077 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:05.546046972 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:05.546477079 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:05.589507103 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:05.829853058 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:05.871370077 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.406896114 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.406925917 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.406959057 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.406975031 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.406996012 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.407021046 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:06.407038927 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.407104015 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:06.410218000 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.410262108 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.410305977 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:06.410311937 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.410352945 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:06.410377979 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:06.410429955 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:06.411247015 CEST49732443192.168.2.9104.102.49.254
                                                                                                                              Oct 24, 2024 13:02:06.411256075 CEST44349732104.102.49.254192.168.2.9
                                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                                              Oct 24, 2024 13:02:04.424957037 CEST5951253192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.436043024 CEST53595121.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.439754963 CEST5532753192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.451905966 CEST53553271.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.453191042 CEST5433953192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.462901115 CEST53543391.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.464032888 CEST5564353192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.474987030 CEST53556431.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.478389978 CEST5747553192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.488719940 CEST53574751.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.491195917 CEST5260853192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.501307964 CEST53526081.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.502408981 CEST6263853192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.514838934 CEST53626381.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.538714886 CEST6381253192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.549777031 CEST53638121.1.1.1192.168.2.9
                                                                                                                              Oct 24, 2024 13:02:04.553886890 CEST5913753192.168.2.91.1.1.1
                                                                                                                              Oct 24, 2024 13:02:04.562247992 CEST53591371.1.1.1192.168.2.9
                                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                              Oct 24, 2024 13:02:04.424957037 CEST192.168.2.91.1.1.10x6b1aStandard query (0)clearancek.siteA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.439754963 CEST192.168.2.91.1.1.10x8255Standard query (0)mobbipenju.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.453191042 CEST192.168.2.91.1.1.10xa75aStandard query (0)eaglepawnoy.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.464032888 CEST192.168.2.91.1.1.10x43c5Standard query (0)dissapoiznw.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.478389978 CEST192.168.2.91.1.1.10xf34bStandard query (0)studennotediw.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.491195917 CEST192.168.2.91.1.1.10x41deStandard query (0)bathdoomgaz.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.502408981 CEST192.168.2.91.1.1.10xf0d5Standard query (0)spirittunek.storeA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.538714886 CEST192.168.2.91.1.1.10x927dStandard query (0)licendfilteo.siteA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.553886890 CEST192.168.2.91.1.1.10x77ffStandard query (0)steamcommunity.comA (IP address)IN (0x0001)false
                                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                              Oct 24, 2024 13:01:58.446013927 CEST1.1.1.1192.168.2.90x6d98No error (0)shed.dual-low.s-part-0039.t-0009.t-msedge.nets-part-0039.t-0009.t-msedge.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:01:58.446013927 CEST1.1.1.1192.168.2.90x6d98No error (0)s-part-0039.t-0009.t-msedge.net13.107.246.67A (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.436043024 CEST1.1.1.1192.168.2.90x6b1aName error (3)clearancek.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.451905966 CEST1.1.1.1192.168.2.90x8255Name error (3)mobbipenju.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.462901115 CEST1.1.1.1192.168.2.90xa75aName error (3)eaglepawnoy.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.474987030 CEST1.1.1.1192.168.2.90x43c5Name error (3)dissapoiznw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.488719940 CEST1.1.1.1192.168.2.90xf34bName error (3)studennotediw.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.501307964 CEST1.1.1.1192.168.2.90x41deName error (3)bathdoomgaz.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.514838934 CEST1.1.1.1192.168.2.90xf0d5Name error (3)spirittunek.storenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.549777031 CEST1.1.1.1192.168.2.90x927dName error (3)licendfilteo.sitenonenoneA (IP address)IN (0x0001)false
                                                                                                                              Oct 24, 2024 13:02:04.562247992 CEST1.1.1.1192.168.2.90x77ffNo error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false
                                                                                                                              • steamcommunity.com
                                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                              0192.168.2.949732104.102.49.2544437688C:\Users\user\Desktop\file.exe
                                                                                                                              TimestampBytes transferredDirectionData
                                                                                                                              2024-10-24 11:02:05 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                              Connection: Keep-Alive
                                                                                                                              User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                              Host: steamcommunity.com
                                                                                                                              2024-10-24 11:02:06 UTC1917INHTTP/1.1 200 OK
                                                                                                                              Server: nginx
                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                              Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https:// [TRUNCATED]
                                                                                                                              Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                              Cache-Control: no-cache
                                                                                                                              Date: Thu, 24 Oct 2024 11:02:06 GMT
                                                                                                                              Content-Length: 26105
                                                                                                                              Connection: close
                                                                                                                              Set-Cookie: sessionid=f784b5bde8c11ffa69223944; Path=/; Secure; SameSite=None
                                                                                                                              Set-Cookie: steamCountry=US%7Cbcfeb0e5371aba24e9977faccad43253; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                              2024-10-24 11:02:06 UTC14467INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0d 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0d 0a 09 09 3c
                                                                                                                              Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><
                                                                                                                              2024-10-24 11:02:06 UTC11638INData Raw: 22 3f 6c 3d 74 63 68 69 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 63 68 69 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e7 b9 81 e9 ab 94 e4 b8 ad e6 96 87 20 28 54 72 61 64 69 74 69 6f 6e 61 6c 20 43 68 69 6e 65 73 65 29 3c 2f 61 3e 0d 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 6a 61 70 61 6e 65 73 65 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6a 61 70 61 6e 65 73 65 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e6 97 a5 e6 9c ac e8 aa 9e 20 28 4a
                                                                                                                              Data Ascii: "?l=tchinese" onclick="ChangeLanguage( 'tchinese' ); return false;"> (Traditional Chinese)</a><a class="popup_menu_item tight" href="?l=japanese" onclick="ChangeLanguage( 'japanese' ); return false;"> (J


                                                                                                                              Click to jump to process

                                                                                                                              Click to jump to process

                                                                                                                              Click to dive into process behavior distribution

                                                                                                                              Target ID:0
                                                                                                                              Start time:07:02:02
                                                                                                                              Start date:24/10/2024
                                                                                                                              Path:C:\Users\user\Desktop\file.exe
                                                                                                                              Wow64 process (32bit):true
                                                                                                                              Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                                                              Imagebase:0x130000
                                                                                                                              File size:2'949'120 bytes
                                                                                                                              MD5 hash:6A9113565DBD47FD5FBAB727070032A1
                                                                                                                              Has elevated privileges:true
                                                                                                                              Has administrator privileges:true
                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                              Reputation:low
                                                                                                                              Has exited:true

                                                                                                                              Reset < >

                                                                                                                                Execution Graph

                                                                                                                                Execution Coverage:1.1%
                                                                                                                                Dynamic/Decrypted Code Coverage:0%
                                                                                                                                Signature Coverage:56.2%
                                                                                                                                Total number of Nodes:48
                                                                                                                                Total number of Limit Nodes:6
                                                                                                                                execution_graph 20249 13d110 20253 13d119 20249->20253 20250 13d2ee ExitProcess 20251 13d2e9 20256 1756e0 FreeLibrary 20251->20256 20253->20250 20253->20251 20255 140b40 FreeLibrary 20253->20255 20255->20251 20256->20250 20257 1760d2 20258 1760fa 20257->20258 20259 17614e 20258->20259 20263 175bb0 LdrInitializeThunk 20258->20263 20262 175bb0 LdrInitializeThunk 20259->20262 20262->20259 20263->20259 20277 17673d 20279 1766aa 20277->20279 20278 176793 20279->20278 20282 175bb0 LdrInitializeThunk 20279->20282 20281 1767b3 20282->20281 20288 1750fa 20289 175176 LoadLibraryExW 20288->20289 20291 17514c 20288->20291 20290 17518c 20289->20290 20291->20289 20292 14049b 20296 140227 20292->20296 20293 140455 20299 175700 RtlFreeHeap 20293->20299 20296->20293 20297 140308 20296->20297 20298 175700 RtlFreeHeap 20296->20298 20298->20293 20299->20297 20300 1764b8 20301 1763f2 20300->20301 20302 17646e 20301->20302 20304 175bb0 LdrInitializeThunk 20301->20304 20304->20302 20305 13fca0 20308 13fcdc 20305->20308 20306 13ffe4 20308->20306 20309 173220 20308->20309 20310 1732a2 RtlFreeHeap 20309->20310 20311 1732ac 20309->20311 20312 173236 20309->20312 20310->20311 20311->20306 20312->20310 20313 173202 RtlAllocateHeap 20314 16d9cb 20315 16d9fb 20314->20315 20316 16da65 20315->20316 20318 175bb0 LdrInitializeThunk 20315->20318 20318->20315 20319 17626a 20320 17628d 20319->20320 20323 1762de 20320->20323 20326 175bb0 LdrInitializeThunk 20320->20326 20321 17636e 20323->20321 20325 175bb0 LdrInitializeThunk 20323->20325 20325->20321 20326->20323

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 25 1750fa-17514a 26 175176-175186 LoadLibraryExW 25->26 27 17514c-17514f 25->27 28 17518c-1751b5 26->28 29 1752d8-175304 26->29 30 175150-175174 call 175a50 27->30 28->29 30->26
                                                                                                                                APIs
                                                                                                                                • LoadLibraryExW.KERNEL32(19A41BB1,00000000,00000800), ref: 00175182
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: LibraryLoad
                                                                                                                                • String ID: <I$)$<I$)$@^
                                                                                                                                • API String ID: 1029625771-935358343
                                                                                                                                • Opcode ID: e8c91c9d126cec88c942ea81081d5963b0fa42b6a3284fcd55cb378324cef422
                                                                                                                                • Instruction ID: 2ac5296a1d2f684a9882954d3fb1cc45ba3d89c4c299622632bb7f5834d947c2
                                                                                                                                • Opcode Fuzzy Hash: e8c91c9d126cec88c942ea81081d5963b0fa42b6a3284fcd55cb378324cef422
                                                                                                                                • Instruction Fuzzy Hash: 7A21AE351083848FC300DF68D89072AB7F5BB6A300FA9882CE5C5D7352EB76DA55CB56

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 33 13fca0-13fcda 34 13fd0b-13fe22 33->34 35 13fcdc-13fcdf 33->35 37 13fe24 34->37 38 13fe5b-13fe8c 34->38 36 13fce0-13fd09 call 142690 35->36 36->34 40 13fe30-13fe59 call 142760 37->40 41 13feb6-13fecf call 140b50 38->41 42 13fe8e-13fe8f 38->42 40->38 51 13fed5-13fef8 41->51 52 13ffe4-13ffe6 41->52 43 13fe90-13feb4 call 142700 42->43 43->41 53 13ff2b-13ff2d 51->53 54 13fefa 51->54 55 1401b1-1401bb 52->55 57 13ff30-13ff3a 53->57 56 13ff00-13ff29 call 1427e0 54->56 56->53 59 13ff41-13ff49 57->59 60 13ff3c-13ff3f 57->60 62 1401a2-1401a5 call 173220 59->62 63 13ff4f-13ff76 59->63 60->57 60->59 70 1401aa-1401ad 62->70 64 13ffab-13ffb5 63->64 65 13ff78 63->65 68 13ffb7-13ffbb 64->68 69 13ffeb 64->69 67 13ff80-13ffa9 call 142840 65->67 67->64 72 13ffc7-13ffcb 68->72 73 13ffed-13ffef 69->73 70->55 75 13ffd1-13ffd8 72->75 76 14019a 72->76 73->76 77 13fff5-14002c 73->77 80 13ffda-13ffdc 75->80 81 13ffde 75->81 76->62 78 14002e-14002f 77->78 79 14005b-140065 77->79 82 140030-140059 call 1428a0 78->82 83 1400a4 79->83 84 140067-14006f 79->84 80->81 85 13ffc0-13ffc5 81->85 86 13ffe0-13ffe2 81->86 82->79 89 1400a6-1400a8 83->89 88 140087-14008b 84->88 85->72 85->73 86->85 88->76 91 140091-140098 88->91 89->76 92 1400ae-1400c5 89->92 93 14009e 91->93 94 14009a-14009c 91->94 95 1400c7 92->95 96 1400fb-140102 92->96 100 140080-140085 93->100 101 1400a0-1400a2 93->101 94->93 97 1400d0-1400f9 call 142900 95->97 98 140104-14010d 96->98 99 140130-14013c 96->99 97->96 103 140117-14011b 98->103 104 1401c2-1401c7 99->104 100->88 100->89 101->100 103->76 106 14011d-140124 103->106 104->62 107 140126-140128 106->107 108 14012a 106->108 107->108 109 140110-140115 108->109 110 14012c-14012e 108->110 109->103 111 140141-140143 109->111 110->109 111->76 112 140145-14015b 111->112 112->104 113 14015d-14015f 112->113 114 140163-140166 113->114 115 1401bc 114->115 116 140168-140188 call 142030 114->116 115->104 119 140192-140198 116->119 120 14018a-140190 116->120 119->104 120->114 120->119
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: J|BJ$V$VY^_$t
                                                                                                                                • API String ID: 0-3701112211
                                                                                                                                • Opcode ID: 9de4f7555b34986c67c13581953be439f88df53f6416317968878cc53b1bdc98
                                                                                                                                • Instruction ID: 96ada2e6be5538d46babf9de89af8e326d44bd8f0853264e8a1e9ffa3ab593cd
                                                                                                                                • Opcode Fuzzy Hash: 9de4f7555b34986c67c13581953be439f88df53f6416317968878cc53b1bdc98
                                                                                                                                • Instruction Fuzzy Hash: A6D1897550C3909BD311DF15D49062FBBE1AF96B48F18882CF9C98B262C336CD4ADB92

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 157 13d110-13d11b call 174cc0 160 13d121-13d130 call 16c8d0 157->160 161 13d2ee-13d2f6 ExitProcess 157->161 165 13d136-13d15f 160->165 166 13d2e9 call 1756e0 160->166 170 13d161 165->170 171 13d196-13d1bf 165->171 166->161 172 13d170-13d194 call 13d300 170->172 173 13d1c1 171->173 174 13d1f6-13d20c 171->174 172->171 175 13d1d0-13d1f4 call 13d370 173->175 176 13d239-13d23b 174->176 177 13d20e-13d20f 174->177 175->174 181 13d286-13d2aa 176->181 182 13d23d-13d25a 176->182 180 13d210-13d237 call 13d3e0 177->180 180->176 187 13d2d6 call 13e8f0 181->187 188 13d2ac-13d2af 181->188 182->181 186 13d25c-13d25f 182->186 192 13d260-13d284 call 13d440 186->192 194 13d2db-13d2dd 187->194 189 13d2b0-13d2d4 call 13d490 188->189 189->187 192->181 194->166 197 13d2df-13d2e4 call 142f10 call 140b40 194->197 197->166
                                                                                                                                APIs
                                                                                                                                • ExitProcess.KERNEL32(00000000), ref: 0013D2F1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: ExitProcess
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 621844428-0
                                                                                                                                • Opcode ID: 4a8d5dc86761aee37343079a07a9fc8ea66f093084069086d8482467dba8cabe
                                                                                                                                • Instruction ID: c0ae90e730503b9db3475a593e1e6c6bddee616fffaabd5f933b27a9e90cad39
                                                                                                                                • Opcode Fuzzy Hash: 4a8d5dc86761aee37343079a07a9fc8ea66f093084069086d8482467dba8cabe
                                                                                                                                • Instruction Fuzzy Hash: EB4146B440D380ABD301BB69E595A2EFBF5AF62704F148C1CE5C897252C336D8249B67

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 212 175bb0-175be2 LdrInitializeThunk
                                                                                                                                APIs
                                                                                                                                • LdrInitializeThunk.NTDLL(0017973D,005C003F,00000006,?,?,00000018,8C8D8A8B,?,?), ref: 00175BDE
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                                                                • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                                                                • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 241 17695b-17696b call 174a20 244 176981-176a02 241->244 245 17696d 241->245 247 176a36-176a42 244->247 248 176a04 244->248 246 176970-17697f 245->246 246->244 246->246 250 176a85-176a9f 247->250 251 176a44-176a4f 247->251 249 176a10-176a34 call 1773e0 248->249 249->247 252 176a50-176a57 251->252 254 176a60-176a66 252->254 255 176a59-176a5c 252->255 254->250 258 176a68-176a7d call 175bb0 254->258 255->252 257 176a5e 255->257 257->250 260 176a82 258->260 260->250
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 0-2766056989
                                                                                                                                • Opcode ID: 471705bfe42d89a917ffebb5f6464500eb2c7344b1a1c3abaa236e72d5c549f9
                                                                                                                                • Instruction ID: da41841d6a8b4783feeac5d4c78ab7540ab8965ab95f4c1934fd57aa3c8c47c4
                                                                                                                                • Opcode Fuzzy Hash: 471705bfe42d89a917ffebb5f6464500eb2c7344b1a1c3abaa236e72d5c549f9
                                                                                                                                • Instruction Fuzzy Hash: 1B3198B05083018FD718DF14C8A0A2AB7F2EF94344F58C82CE5CAA72A1E3749A44CB56

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 261 14049b-140515 call 13c9f0 265 140356 261->265 266 140417-140430 261->266 267 140370-14037e 261->267 268 1403d0-1403d7 261->268 269 140311-140332 261->269 270 140472-140477 261->270 271 140393-140397 261->271 272 14051c-14051e 261->272 273 1403be 261->273 274 1403de-1403e3 261->274 275 14035f-140367 261->275 276 140339-14034f 261->276 277 14045b-140469 call 175700 261->277 278 1403fb-140414 261->278 279 140246-140260 261->279 280 140386-14038c 261->280 281 140227-14023b 261->281 282 140440-140458 call 175700 261->282 283 140480 261->283 284 140242-140244 261->284 285 140482-140484 261->285 286 1403ec-1403f4 261->286 287 140308-14030c 261->287 265->275 266->282 267->280 268->266 268->270 268->271 268->274 268->278 268->280 268->283 268->285 268->286 269->265 269->266 269->267 269->268 269->270 269->271 269->273 269->274 269->275 269->276 269->277 269->278 269->280 269->282 269->283 269->285 269->286 270->283 300 1403a0-1403b7 271->300 288 140520-140b30 272->288 273->268 274->286 275->267 276->265 276->266 276->267 276->268 276->270 276->271 276->273 276->274 276->275 276->277 276->278 276->280 276->282 276->283 276->285 276->286 277->270 278->266 293 140294 279->293 294 140262 279->294 280->270 280->271 280->283 280->285 281->265 281->266 281->267 281->268 281->269 281->270 281->271 281->273 281->274 281->275 281->276 281->277 281->278 281->279 281->280 281->282 281->283 281->284 281->285 281->286 281->287 282->277 292 140296-1402bd 284->292 290 14048d-140496 285->290 286->270 286->271 286->278 286->283 286->285 287->290 290->288 302 1402bf 292->302 303 1402ea-140301 292->303 293->292 301 140270-140292 call 142eb0 294->301 300->266 300->268 300->270 300->271 300->273 300->274 300->277 300->278 300->280 300->282 300->283 300->285 300->286 301->293 308 1402c0-1402e8 call 142e70 302->308 303->265 303->266 303->267 303->268 303->269 303->270 303->271 303->273 303->274 303->275 303->276 303->277 303->278 303->280 303->282 303->283 303->285 303->286 303->287 308->303
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f2614f46687a22d0f2e119dc6bd7f2abc8da528de2407515ab964c8feced6c88
                                                                                                                                • Instruction ID: aeafa0b698006aa616230a5dc2be35030545b36eb23f63dd52b8a740fa309d36
                                                                                                                                • Opcode Fuzzy Hash: f2614f46687a22d0f2e119dc6bd7f2abc8da528de2407515ab964c8feced6c88
                                                                                                                                • Instruction Fuzzy Hash: 70919D75200B01CFD724CF25D894A17B7F6FF89310B118A6CE9568BBA1DB70E896CB50

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 315 140228-14023b 316 140356 315->316 317 140417-140430 315->317 318 140370-14037e 315->318 319 1403d0-1403d7 315->319 320 140311-140332 315->320 321 140472-140477 315->321 322 140393-140397 315->322 323 1403be 315->323 324 1403de-1403e3 315->324 325 14035f-140367 315->325 326 140339-14034f 315->326 327 14045b-140469 call 175700 315->327 328 1403fb-140414 315->328 329 140246-140260 315->329 330 140386-14038c 315->330 331 140440-140458 call 175700 315->331 332 140480 315->332 333 140242-140244 315->333 334 140482-140484 315->334 335 1403ec-1403f4 315->335 336 140308-14030c 315->336 316->325 317->331 318->330 319->317 319->321 319->322 319->324 319->328 319->330 319->332 319->334 319->335 320->316 320->317 320->318 320->319 320->321 320->322 320->323 320->324 320->325 320->326 320->327 320->328 320->330 320->331 320->332 320->334 320->335 321->332 348 1403a0-1403b7 322->348 323->319 324->335 325->318 326->316 326->317 326->318 326->319 326->321 326->322 326->323 326->324 326->325 326->327 326->328 326->330 326->331 326->332 326->334 326->335 327->321 328->317 341 140294 329->341 342 140262 329->342 330->321 330->322 330->332 330->334 331->327 340 140296-1402bd 333->340 338 14048d-140b30 334->338 335->321 335->322 335->328 335->332 335->334 336->338 350 1402bf 340->350 351 1402ea-140301 340->351 341->340 349 140270-140292 call 142eb0 342->349 348->317 348->319 348->321 348->322 348->323 348->324 348->327 348->328 348->330 348->331 348->332 348->334 348->335 349->341 355 1402c0-1402e8 call 142e70 350->355 351->316 351->317 351->318 351->319 351->320 351->321 351->322 351->323 351->324 351->325 351->326 351->327 351->328 351->330 351->331 351->332 351->334 351->335 351->336 355->351
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 27f310290f6a77bb85fb8386dc64a3d9d5e7aaabc9609cf83ac25e435d22c37f
                                                                                                                                • Instruction ID: 6f354c821580b42f154e1e36791a021083b8a0558f83bd4ba3037f769d7d9ba7
                                                                                                                                • Opcode Fuzzy Hash: 27f310290f6a77bb85fb8386dc64a3d9d5e7aaabc9609cf83ac25e435d22c37f
                                                                                                                                • Instruction Fuzzy Hash: DA718B74200701DFD725CF21E894B17B7F6FF49314F10896CE98A8BAA2DB71A896CB50
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 679e49ec839f03b3c47a383b8eeeda9eef0d830b404dac48ebba537f16a27d92
                                                                                                                                • Instruction ID: b7611132c7b97729283e4deb38c6e15430995b4f95d848df8ccc3e57d149809c
                                                                                                                                • Opcode Fuzzy Hash: 679e49ec839f03b3c47a383b8eeeda9eef0d830b404dac48ebba537f16a27d92
                                                                                                                                • Instruction Fuzzy Hash: FB417A34249300ABD714DA15E890F2BBBB6EB85754F64C82CF58A9B251D331E845CB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 28d3caf83195bbdfa4a4ac43eb4d23f4228e81280648fa88a307fc4c09e1b483
                                                                                                                                • Instruction ID: 3a2d6d71bec64f08feb6f3643a49372514011664d01f835fcb3f4afd27bfaeac
                                                                                                                                • Opcode Fuzzy Hash: 28d3caf83195bbdfa4a4ac43eb4d23f4228e81280648fa88a307fc4c09e1b483
                                                                                                                                • Instruction Fuzzy Hash: 0B31C170649701BAD724DA04CD82F3AB7B6FB90B55FA4C908F18A6B2E1D370A851CB52
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d742108cc42d27aa0e7d5dab7d9cedaf3a2cf191082da074cb4210cf37bf3cd8
                                                                                                                                • Instruction ID: 8bedcda49f1b7a626a0e0340047033a31c14c7dca197089000b98804833c3cea
                                                                                                                                • Opcode Fuzzy Hash: d742108cc42d27aa0e7d5dab7d9cedaf3a2cf191082da074cb4210cf37bf3cd8
                                                                                                                                • Instruction Fuzzy Hash: C2213DB490022A9FDB15CF94CC90BBEBBB1FF4A304F144818E911BB391C735A945CB64

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 202 173220-17322f 203 173236-173252 202->203 204 1732a2-1732a6 RtlFreeHeap 202->204 205 1732a0 202->205 206 1732ac-1732b0 202->206 207 173286-173296 203->207 208 173254 203->208 204->206 205->204 207->205 209 173260-173284 call 175af0 208->209 209->207
                                                                                                                                APIs
                                                                                                                                • RtlFreeHeap.NTDLL(?,00000000), ref: 001732A6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: FreeHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 3298025750-0
                                                                                                                                • Opcode ID: e12e44e51721da834a638841dd67c4603761b0512591f0fffb3c4c9ca4f615d7
                                                                                                                                • Instruction ID: 92f89c16c946155f85f08998645b4789a0e81ed398910c6a5df0bccbb438247d
                                                                                                                                • Opcode Fuzzy Hash: e12e44e51721da834a638841dd67c4603761b0512591f0fffb3c4c9ca4f615d7
                                                                                                                                • Instruction Fuzzy Hash: 50014B3450D3409BC701AB18E895A1ABBF9EF5AB00F05881CE5C98B761D335DD60DB92

                                                                                                                                Control-flow Graph

                                                                                                                                • Executed
                                                                                                                                • Not Executed
                                                                                                                                control_flow_graph 213 173202-173211 RtlAllocateHeap
                                                                                                                                APIs
                                                                                                                                • RtlAllocateHeap.NTDLL(?,00000000), ref: 00173208
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: AllocateHeap
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                • Opcode ID: 3c0904ee603128cf39eddb160ac4d971eb7c25c74fd1b6ac6b35fc7bf22b4c76
                                                                                                                                • Instruction ID: f69f775e2f8c5a7610233aa07deefcce50f8aa3a6d6981ad587194efd06c199d
                                                                                                                                • Opcode Fuzzy Hash: 3c0904ee603128cf39eddb160ac4d971eb7c25c74fd1b6ac6b35fc7bf22b4c76
                                                                                                                                • Instruction Fuzzy Hash: C2B012300401005FEA081B00FC0BF003610EB00609FC00050A100040F1D56159A4C654
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: %*+($()./$89&'$89>?$:WUE$<=2$<=:;$@ONM$AR$D$DCBA$LKJI$QNOL$T$WP$`Y^_$`onm$dcba$lkji$mjkh$tsrq$tuJK$xgfe$|
                                                                                                                                • API String ID: 2994545307-1418943773
                                                                                                                                • Opcode ID: a1a8df5d29150ae43e09dba0e66ab49afd5e6232a92efcaeea60fd72dc5581fc
                                                                                                                                • Instruction ID: 68e3a7a48901620aa0264e0e9922b975bdfec7ab3ad6347dd55424950ab4243a
                                                                                                                                • Opcode Fuzzy Hash: a1a8df5d29150ae43e09dba0e66ab49afd5e6232a92efcaeea60fd72dc5581fc
                                                                                                                                • Instruction Fuzzy Hash: C5F278B45083819FD770CF14C894BABBBE2BFD5344F54882CE4C99B262DB719985CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($3<$:$Cx$`tii$aenQ$f@~!$fedc$ggxz$mlc@${l`~$|}&C
                                                                                                                                • API String ID: 0-786070067
                                                                                                                                • Opcode ID: 9b0b2453eddad869a24ac72cb78f78a68c1e7b23776de7b66978ead15249d3b7
                                                                                                                                • Instruction ID: 7df559f41466de78818e3c830f7e08fca67c581be68f608b1c3a76205980e250
                                                                                                                                • Opcode Fuzzy Hash: 9b0b2453eddad869a24ac72cb78f78a68c1e7b23776de7b66978ead15249d3b7
                                                                                                                                • Instruction Fuzzy Hash: F333AF70504B818FD7258F38C990762BBF1BF16304F58899DE4DA8BB92C735E916CBA1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %e6g$(a*c$=]$?m,o$CG$Gt$JG$N[$WH$]{$hi$kW$/)$S]$WQ$_Y$sm
                                                                                                                                • API String ID: 0-1131134755
                                                                                                                                • Opcode ID: 97b24267b6f1f605b73a3928495da68b44fe7cbfc89db9621cc1bce5b42ab1c2
                                                                                                                                • Instruction ID: fd871f83c7bd4bad7e7a1770688972306ad9f23ae868c220401d5f577400d58d
                                                                                                                                • Opcode Fuzzy Hash: 97b24267b6f1f605b73a3928495da68b44fe7cbfc89db9621cc1bce5b42ab1c2
                                                                                                                                • Instruction Fuzzy Hash: C352B6B844D385CAE270CF25D581B8EBAF1BB92740F608A1DE5ED9B255DB708049CF93
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: !E4G$,A&C$2A"_$8;$;IJK$?M0K$B7U1$B?Q9$G'M!$G+X5$L3Y=$O+f)$T#a-$X/R)$pq$z=Q?
                                                                                                                                • API String ID: 0-655414846
                                                                                                                                • Opcode ID: 51470be09dd465268dbf4d5be11a4a66891e84722552e570e121b52bc20a76dc
                                                                                                                                • Instruction ID: 5e78ead6651a75838a34ce74b9f2b47585578e19a7e13a46a8018d96fd92db6e
                                                                                                                                • Opcode Fuzzy Hash: 51470be09dd465268dbf4d5be11a4a66891e84722552e570e121b52bc20a76dc
                                                                                                                                • Instruction Fuzzy Hash: 4DF13EB4008384EBD310DF15D881A2ABBF4FB9A749F544D1CF9E59B252E374DA08CB96
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($)IgK$,Q?S$-M2O$<Y.[$=]+_$Y9N;$hX]N$n\+H$upH}${E
                                                                                                                                • API String ID: 0-1557708024
                                                                                                                                • Opcode ID: 5ccaf3373d780a528b1fdcf8f43726029f1081795a67d3fcb70c1777d3c81fef
                                                                                                                                • Instruction ID: aa83caa3bf92c5ca38248377f14b0916e8b2e94a48803f0f08147c521d19523a
                                                                                                                                • Opcode Fuzzy Hash: 5ccaf3373d780a528b1fdcf8f43726029f1081795a67d3fcb70c1777d3c81fef
                                                                                                                                • Instruction Fuzzy Hash: 33921575E00205CFDB18CF68D8516AEBBF2FF49311F298168E856AB391D7319E46CB90
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +&}$,&_w$W?7$Y3{/$gEvw$gEvw${5Ko$FnM
                                                                                                                                • API String ID: 0-413178784
                                                                                                                                • Opcode ID: 2886d8dd71f6901e14462b28af7071902ebfce6c1afd68b06ce22bf2834cc20e
                                                                                                                                • Instruction ID: 7c8e1c4eb06fd6c62d2ef992fdee6881b71de1c902b47827c40ada8489359aba
                                                                                                                                • Opcode Fuzzy Hash: 2886d8dd71f6901e14462b28af7071902ebfce6c1afd68b06ce22bf2834cc20e
                                                                                                                                • Instruction Fuzzy Hash: 84B236F3A0C204AFE3146E2DEC8567AFBE5EF94720F1A493DEAC483744E63558058697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($&> &$,#15$9.5^$cah`$gce/$qrqp${
                                                                                                                                • API String ID: 0-4102007303
                                                                                                                                • Opcode ID: 00127d8dfefe11081473cfb370432d5172a1dc35b010bc33ebf9304a5e33219f
                                                                                                                                • Instruction ID: 11bbc3684cdbff731b4e3d2a18d1f1cc0ec1d6dc45aaca4cc1e15a26b8730bb1
                                                                                                                                • Opcode Fuzzy Hash: 00127d8dfefe11081473cfb370432d5172a1dc35b010bc33ebf9304a5e33219f
                                                                                                                                • Instruction Fuzzy Hash: 9B62ABB5608381CBD331CF14D891BABB7E1FF9A315F04492DE8AA8B641E3759948CB53
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$@$gfff$gfff$gfff
                                                                                                                                • API String ID: 0-2517803157
                                                                                                                                • Opcode ID: c577a9ac643a98fba06828c24c44673ed7d32031bcd0ad1b96dfd3214ae0401c
                                                                                                                                • Instruction ID: c1e6cb8df0abfe2ec32eb87684e78a018645709f141f0243d8d9b10710c324be
                                                                                                                                • Opcode Fuzzy Hash: c577a9ac643a98fba06828c24c44673ed7d32031bcd0ad1b96dfd3214ae0401c
                                                                                                                                • Instruction Fuzzy Hash: 90D213716083519FD718CE28C89436ABBE2AFD9314F18CA2DE4A9CB391D774DD45CB82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +~g$#=:$&24$UjW$WxVz$ar$$r?/
                                                                                                                                • API String ID: 0-1457717218
                                                                                                                                • Opcode ID: 9e5631a57437c6b4f1713e7da9c0cdb33201bed0f1fd03c4b785d438a515f863
                                                                                                                                • Instruction ID: 9118b4282b1da6b7d56a3559b5526cd7d1bd993881d31765d2aba3f9511d1250
                                                                                                                                • Opcode Fuzzy Hash: 9e5631a57437c6b4f1713e7da9c0cdb33201bed0f1fd03c4b785d438a515f863
                                                                                                                                • Instruction Fuzzy Hash: 68B2F4F360C2009FE304AE2DEC8567ABBE9EF94320F1A493DE6C4C7744EA7558458697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: *{?$*|`~$<?N~$T`d}$|>2S
                                                                                                                                • API String ID: 0-4212603734
                                                                                                                                • Opcode ID: 21ecb59befb556b41f2697acab5cff1db0ac81c92ecfcb8db875cd34dbe19c33
                                                                                                                                • Instruction ID: e6035adb3b384b639e79217c0f83d1c101a9b357b06a1efd588b1c5e4dc2fb92
                                                                                                                                • Opcode Fuzzy Hash: 21ecb59befb556b41f2697acab5cff1db0ac81c92ecfcb8db875cd34dbe19c33
                                                                                                                                • Instruction Fuzzy Hash: 83A205F360C2049FE304AE29EC8563AFBE5EFD4720F1A892DE6C487744EA3558458797
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0$0$0$@$i
                                                                                                                                • API String ID: 0-3124195287
                                                                                                                                • Opcode ID: 503c403dd29fbd717e42fabfc1d3b0cdc0adef52c28ba23263f226084a3f8b01
                                                                                                                                • Instruction ID: 7606b4a4c75d17dd1865ba834c8fdb2368326ed266780dba170952aa43b63e28
                                                                                                                                • Opcode Fuzzy Hash: 503c403dd29fbd717e42fabfc1d3b0cdc0adef52c28ba23263f226084a3f8b01
                                                                                                                                • Instruction Fuzzy Hash: 6C62FE7160C3819FC319DF28C49476AFBE1AFD5308F288A6DE8D987291D774D949CB82
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: +$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                                                                • API String ID: 0-1123320326
                                                                                                                                • Opcode ID: 9dd96a5d3731d261185a9b4a2a9fd4f5f48b504c269c812d084ee9722903d1f5
                                                                                                                                • Instruction ID: 0acad0cd93d8429b49bcc9bdbdc42ea8c8a53713cd3a09494ffafc28f9ff6206
                                                                                                                                • Opcode Fuzzy Hash: 9dd96a5d3731d261185a9b4a2a9fd4f5f48b504c269c812d084ee9722903d1f5
                                                                                                                                • Instruction Fuzzy Hash: 3DF1AC3160C3918FC719CE28C49436AFBE2AFD9308F188A6DE4D987356D774D949CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: P>}$W"\)$`Ru$zMek
                                                                                                                                • API String ID: 0-4200661504
                                                                                                                                • Opcode ID: 9329de569f771bf647c33cb5590d45d156af001a48b60c72190ed667d5efbbc6
                                                                                                                                • Instruction ID: fba9c005046b7c1b02085556ccacff5aae4ab235f2c04a9d71dd7c4c482aa3ef
                                                                                                                                • Opcode Fuzzy Hash: 9329de569f771bf647c33cb5590d45d156af001a48b60c72190ed667d5efbbc6
                                                                                                                                • Instruction Fuzzy Hash: 6BB217F390C204AFE304AF29EC8567AFBE5EF94720F16493DEAC483744E63558148697
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: :$NA_I$m1s3$uvw
                                                                                                                                • API String ID: 0-3973114637
                                                                                                                                • Opcode ID: d207d0e55ead9f32e10d966a1e5a14da06be2cc47536bfd3a5ccefeebaebe080
                                                                                                                                • Instruction ID: 9f24db2da8c9eebb5c7b77d2aae4bad559b6b75dd905de59be0d25caf9c8744e
                                                                                                                                • Opcode Fuzzy Hash: d207d0e55ead9f32e10d966a1e5a14da06be2cc47536bfd3a5ccefeebaebe080
                                                                                                                                • Instruction Fuzzy Hash: CB32A9B1508380DFD315DF28D880A2BBBF5BB9A340F144A6CF5D58B2A2D335DA55CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($;z$p$ss
                                                                                                                                • API String ID: 0-2391135358
                                                                                                                                • Opcode ID: bfe75a82b3abccb9244fcf5a9ef8d080a1eb1038d12fff5db9323cfc9f752846
                                                                                                                                • Instruction ID: 11b924609803c937de1d436ade71d71d5fafc5f9238b24ee927e871aaa886241
                                                                                                                                • Opcode Fuzzy Hash: bfe75a82b3abccb9244fcf5a9ef8d080a1eb1038d12fff5db9323cfc9f752846
                                                                                                                                • Instruction Fuzzy Hash: DA025BB4810B00DFD760DF24D986756BFF5FB05300F50895DE8AA9B696E330E459CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: -$0123456789abcdefxp$gfff$gfff
                                                                                                                                • API String ID: 0-3657095489
                                                                                                                                • Opcode ID: 9ab8295d9af3ad5a422b8c204f2456eb228d6c81666bffac63f172c954901f3a
                                                                                                                                • Instruction ID: 042850a707990e27ee51f63b88f07493a2ad9c16878ca8f0ef40fd0d58a76706
                                                                                                                                • Opcode Fuzzy Hash: 9ab8295d9af3ad5a422b8c204f2456eb228d6c81666bffac63f172c954901f3a
                                                                                                                                • Instruction Fuzzy Hash: 81E18C3160C7918FC719CE29C48466AFBE2AFD9308F08CA6DE4D987356D734D949CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: a|$hu$lc$sj
                                                                                                                                • API String ID: 0-3748788050
                                                                                                                                • Opcode ID: 89039a4fd27c95f20c61cd42472c4aacd86e84d0a6c62c35b4ecb537221b86da
                                                                                                                                • Instruction ID: aa99882d8f3bc195aa2b6b3b51c39520723d4cdfa37ccf4393e077e399326b53
                                                                                                                                • Opcode Fuzzy Hash: 89039a4fd27c95f20c61cd42472c4aacd86e84d0a6c62c35b4ecb537221b86da
                                                                                                                                • Instruction Fuzzy Hash: FBA1AE75418341CBC720DF18C891A2BB7F0FFA6355F588A0CE8E59B291E339D949CB96
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #'$CV$KV$T>
                                                                                                                                • API String ID: 0-95592268
                                                                                                                                • Opcode ID: f6b8c935c07417a2046a08affbe8be29a908ed5fefe4d2155b0f55d6cf1d17ca
                                                                                                                                • Instruction ID: f9b9f424102180eff849d4d050dc0be8213daf014454fd50026f86116ca0a109
                                                                                                                                • Opcode Fuzzy Hash: f6b8c935c07417a2046a08affbe8be29a908ed5fefe4d2155b0f55d6cf1d17ca
                                                                                                                                • Instruction Fuzzy Hash: 018166B4801745DBCB20DFA5D68516EBFB1FF16301F60460CE896ABA55C330AA65CFE2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: (g6e$,{*y$4c2a$lk
                                                                                                                                • API String ID: 0-1327526056
                                                                                                                                • Opcode ID: 9d4c622c4f68b11d60be9e5005326b13bef17c7c1293f7c7e161a35992125492
                                                                                                                                • Instruction ID: 6d2270e79f6bf22cdbe1e12418dbf61672978d0c9c9d4f03174dca00d9f20229
                                                                                                                                • Opcode Fuzzy Hash: 9d4c622c4f68b11d60be9e5005326b13bef17c7c1293f7c7e161a35992125492
                                                                                                                                • Instruction Fuzzy Hash: 84418775408381CAD7209F20D800BABB7F4FF86306F54995DF9D89B210DB31DA49CB96
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($%*+($~/i!
                                                                                                                                • API String ID: 0-4033100838
                                                                                                                                • Opcode ID: f2edf161a1e9349d8b5cec6776d7007b4992bfdabc3b1e50097b73be34ead5a8
                                                                                                                                • Instruction ID: d94f35a295f8d04c6685d870bade7024f53e07e846763e53689be82af61ba75a
                                                                                                                                • Opcode Fuzzy Hash: f2edf161a1e9349d8b5cec6776d7007b4992bfdabc3b1e50097b73be34ead5a8
                                                                                                                                • Instruction Fuzzy Hash: ACE1B8B5508340EFE3209F24D880B2BBBFAFB95341F58882CE5D98B251E771D955CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: )$)$IEND
                                                                                                                                • API String ID: 0-588110143
                                                                                                                                • Opcode ID: 5a679b527c8783005b8037560b468334d78279c1787842a93af2e973dc15de84
                                                                                                                                • Instruction ID: 97e0ebf3eba3dd35e079bc000b1e268eac0acf0bed5674873cb29a4742639756
                                                                                                                                • Opcode Fuzzy Hash: 5a679b527c8783005b8037560b468334d78279c1787842a93af2e973dc15de84
                                                                                                                                • Instruction Fuzzy Hash: EAE1C0B1A087069FE310CF29C88176ABBE0BF94314F14892DF59997381EB75E914CBC2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 09W?$Gifd
                                                                                                                                • API String ID: 0-1293455076
                                                                                                                                • Opcode ID: 1bbee3550280a5aa863d9df624d9b4f237dde5b7ba98fc0af51eed623b692117
                                                                                                                                • Instruction ID: 4840e1e7eb67d3896b4600e41131f56fb631ea62e28027c46c7d49ffde0a84c7
                                                                                                                                • Opcode Fuzzy Hash: 1bbee3550280a5aa863d9df624d9b4f237dde5b7ba98fc0af51eed623b692117
                                                                                                                                • Instruction Fuzzy Hash: 1C72D4F360C200AFE704AE29DC9567ABBE5EF94720F1A892DE6C5C3744E63598018797
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+($f
                                                                                                                                • API String ID: 0-2038831151
                                                                                                                                • Opcode ID: 3c7611954ecccda0cf1cbe57b16342bd4d20da8d56ede8eb30d8643ae0ae2071
                                                                                                                                • Instruction ID: 7362a4e34594f52654e754bc60b3e4b21c89aa8463f9299d5db9105ae249eb35
                                                                                                                                • Opcode Fuzzy Hash: 3c7611954ecccda0cf1cbe57b16342bd4d20da8d56ede8eb30d8643ae0ae2071
                                                                                                                                • Instruction Fuzzy Hash: D71288716083419FC715CF18C890B2ABBF6FB89314F58CA2CF4999B291D735E945CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: dg$hi
                                                                                                                                • API String ID: 0-2859417413
                                                                                                                                • Opcode ID: 2b71f649a77a85c31a51853032c8d199cd0a535dd3721a12807e75ad2862ff3d
                                                                                                                                • Instruction ID: e62c47782ac050f5c34630cb427832a20b57db4b15a62ece04a048b62408a6bc
                                                                                                                                • Opcode Fuzzy Hash: 2b71f649a77a85c31a51853032c8d199cd0a535dd3721a12807e75ad2862ff3d
                                                                                                                                • Instruction Fuzzy Hash: 41F18371618301EFE304CF24D891B2ABBF6EF86349F14992CF5858B2A1C734E985CB52
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: Inf$NaN
                                                                                                                                • API String ID: 0-3500518849
                                                                                                                                • Opcode ID: dc9ba9a63cdfb67fd696fa4e266d794fff903972d42ae4e43cde40718d7ebe9a
                                                                                                                                • Instruction ID: 560cb4e57db4dbbd10c06bde3ca9673ec973350295499526505b99ac948e5a23
                                                                                                                                • Opcode Fuzzy Hash: dc9ba9a63cdfb67fd696fa4e266d794fff903972d42ae4e43cde40718d7ebe9a
                                                                                                                                • Instruction Fuzzy Hash: AFD1E871A083119BC708CF29C88061EBBE5EFC8750F158A2DF9A9973A0E775DD458B86
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: #m}=
                                                                                                                                • API String ID: 0-288738325
                                                                                                                                • Opcode ID: fb347bb99b854284cd84da06a22486212565cf18150eebaa35c54449a9a0b801
                                                                                                                                • Instruction ID: 07ee0ef3540df77abae329850cc93bf9ffb5cfb1a5480ab98c4f8961cc73a956
                                                                                                                                • Opcode Fuzzy Hash: fb347bb99b854284cd84da06a22486212565cf18150eebaa35c54449a9a0b801
                                                                                                                                • Instruction Fuzzy Hash: C3B217F3A0C2049FE7046E2DEC8567ABBEAEFD4760F1A453DE6C4C3344EA3558058696
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: BaBc$Ye[g
                                                                                                                                • API String ID: 0-286865133
                                                                                                                                • Opcode ID: cbff9c05856b1425fc3ca22545fa11aa966f1f62447f50b7bb94837e4038408a
                                                                                                                                • Instruction ID: 154ea550fe45363cfd08f3947715b70dadaba081103a8526486de535e3425e45
                                                                                                                                • Opcode Fuzzy Hash: cbff9c05856b1425fc3ca22545fa11aa966f1f62447f50b7bb94837e4038408a
                                                                                                                                • Instruction Fuzzy Hash: EC51CE71608381CBD332CF54C891BABB7E0FF9A351F09491DE8A98B691E3749984CB57
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %1.17g
                                                                                                                                • API String ID: 0-1551345525
                                                                                                                                • Opcode ID: 11baa6e47414fe7b8284b33bdb95c42844466f7cbe835726e899b2f5b8f9c21c
                                                                                                                                • Instruction ID: 6f847db1cf0fa486a955222afcfa07114c08a3a8685ebbea90d7b3c42681288c
                                                                                                                                • Opcode Fuzzy Hash: 11baa6e47414fe7b8284b33bdb95c42844466f7cbe835726e899b2f5b8f9c21c
                                                                                                                                • Instruction Fuzzy Hash: D722F4B6A08B42CBE7198E19D840327BBE3AFE0B58F5D856DD8994B341E771DC48C781
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: "
                                                                                                                                • API String ID: 0-123907689
                                                                                                                                • Opcode ID: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                • Instruction ID: 6e48989731284f3926bab7467ac2eeae9c2699b965ede52d7600ba19bcc8b8b3
                                                                                                                                • Opcode Fuzzy Hash: 1e36e4a90a5bcd9904d9a2755a98640d2f51fe7f53356f7c076c40d918f289ea
                                                                                                                                • Instruction Fuzzy Hash: 83F11371A083416FC728CE28C89067BBBE6ABD5350F1DC96DE89A87382D734DD15C792
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: d4bb405a4edc260c4d9dcca6e6dcd309a32d75f5fb11ab1cb9bbfb6f0fd720c6
                                                                                                                                • Instruction ID: 1cdc80a01d42540f151adccfe10d9c3ed679b3b46262d6a1d1ad2b2b1967977d
                                                                                                                                • Opcode Fuzzy Hash: d4bb405a4edc260c4d9dcca6e6dcd309a32d75f5fb11ab1cb9bbfb6f0fd720c6
                                                                                                                                • Instruction Fuzzy Hash: E5E1AD7550C306DBC314DF24C89056EB7F2FF98792F54891CE8E58B260E335AA99CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 3ef2f3449a107267a526634ba1ca7fb89242e23ff5aec4207a970297e8807cfa
                                                                                                                                • Instruction ID: 862e105e592c1b70bbecda4d8604a532869b22fc0ce53be0ccc2b3c131257d57
                                                                                                                                • Opcode Fuzzy Hash: 3ef2f3449a107267a526634ba1ca7fb89242e23ff5aec4207a970297e8807cfa
                                                                                                                                • Instruction Fuzzy Hash: 62F18EB5A00A01CFD725DF24D891A27B3F2FF59314B148A2DE49B87AA1EB30F855CB41
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 695a5d5ab80c9a9d535b3ef43b2e913f57de6f4ab65e61460ea0f0675c367cb3
                                                                                                                                • Instruction ID: bc7f79a9433d5df7534594f1dd06a83a1d3e9439dfe22d1c9eaf3bc3d67b1191
                                                                                                                                • Opcode Fuzzy Hash: 695a5d5ab80c9a9d535b3ef43b2e913f57de6f4ab65e61460ea0f0675c367cb3
                                                                                                                                • Instruction Fuzzy Hash: 6EC1CD71508200EFD710EB14D882A2BB7F5EF95355F088818F8E5AB291E734ED09CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 4c997cd32abaa166f9fa9460bb85cacfb6473a55864677f31c1a7406d4fb303a
                                                                                                                                • Instruction ID: 9bbda511ae2c34bb4a012f39f193244f1161fdbff149e13b3f7685f50479980d
                                                                                                                                • Opcode Fuzzy Hash: 4c997cd32abaa166f9fa9460bb85cacfb6473a55864677f31c1a7406d4fb303a
                                                                                                                                • Instruction Fuzzy Hash: 1ED1F370618302DFD744DFA4DC9062AB7E6FF88305F49896CE896CB291D734EA98CB51
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: P
                                                                                                                                • API String ID: 0-3110715001
                                                                                                                                • Opcode ID: 943b0371cce9f803d3b778926efe070d83b82f4f2e972677f8e5314db4deb234
                                                                                                                                • Instruction ID: f05e6563d816fcac51649cace3132d76ddea5fa0ab5274acf15649593f6a599c
                                                                                                                                • Opcode Fuzzy Hash: 943b0371cce9f803d3b778926efe070d83b82f4f2e972677f8e5314db4deb234
                                                                                                                                • Instruction Fuzzy Hash: F2D1E6729482654FC725CE18D89472EB7F1EB85758F16C62CE8AAAB380CB71DC46C7C1
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 2994545307-3233224373
                                                                                                                                • Opcode ID: 68fbad2a63582ed5105518682061dacab899834c8d692bb5e0f58d412a73e01f
                                                                                                                                • Instruction ID: eaabec60262afb26c3362a95bc889c2e5a96e4356c9e96010f4f696ed8cd3336
                                                                                                                                • Opcode Fuzzy Hash: 68fbad2a63582ed5105518682061dacab899834c8d692bb5e0f58d412a73e01f
                                                                                                                                • Instruction Fuzzy Hash: C5B1FC70608301CFD714DF18D891A2BBBF2EF95342F14482CE9A59B291E335E859CBD2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: ,
                                                                                                                                • API String ID: 0-3772416878
                                                                                                                                • Opcode ID: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                • Instruction ID: f3cde9db82b50f3c99f897b386dcaf7318eea4ad2b70512aae7f037203e2d189
                                                                                                                                • Opcode Fuzzy Hash: 6a3fef2072c4110c7e08f213014c8aa891b97c95317c3c670d38149bab24221c
                                                                                                                                • Instruction Fuzzy Hash: 4FB117712083819FD325CF18C89061BFBE1AFA9704F448A2DF5D997742D671EA18CBA7
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: e95d1a43137948edb57b58caa64ad6467cd24a9f2efc775294fd3fed6339f5ec
                                                                                                                                • Instruction ID: 3408533c9f653a2d4d402dcead601436ed736513761020c9cb57c8e3fb94526a
                                                                                                                                • Opcode Fuzzy Hash: e95d1a43137948edb57b58caa64ad6467cd24a9f2efc775294fd3fed6339f5ec
                                                                                                                                • Instruction Fuzzy Hash: 1881DD75108300EBD714DF68EC84B2AB7F6FB99741F44882CF68987291D731E966CB62
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 823ca52565deaf8bf2b95b4cf64f220c71e494df0a636fa40181f7122e277d99
                                                                                                                                • Instruction ID: 4ebed14cb936a56e3d2063a3ef9114d63190d156174ecd38813d16f44342f5a9
                                                                                                                                • Opcode Fuzzy Hash: 823ca52565deaf8bf2b95b4cf64f220c71e494df0a636fa40181f7122e277d99
                                                                                                                                • Instruction Fuzzy Hash: 2961D171908204DBDB11EF18EC42A3AB3B1FF95354F49492CF9899B361E731DA54C792
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 1eaa23b628d2f4ac4d0ce0d7e4d918f3fc4902450899fa1ba6dcde7dc4ebb03a
                                                                                                                                • Instruction ID: 092c1af027bab4f9626d1ddd7ea17ebe0742ca099cb36e1fc6f228858d335f4c
                                                                                                                                • Opcode Fuzzy Hash: 1eaa23b628d2f4ac4d0ce0d7e4d918f3fc4902450899fa1ba6dcde7dc4ebb03a
                                                                                                                                • Instruction Fuzzy Hash: 8D61ED716083019BE725DF25C880B2ABBF6EBC4310F68C91CE9C9872A1D771ED40CB92
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 0
                                                                                                                                • API String ID: 0-4108050209
                                                                                                                                • Opcode ID: ece4b611e8245342eec2be8583ca884c2a87e10d1a559acc8049850263cc42a0
                                                                                                                                • Instruction ID: 388647fabf86eacb3cb641e7473cab742f6d2783b14e2d9437d3f5cf19e1ef01
                                                                                                                                • Opcode Fuzzy Hash: ece4b611e8245342eec2be8583ca884c2a87e10d1a559acc8049850263cc42a0
                                                                                                                                • Instruction Fuzzy Hash: 5E6165F3F516254BF3844979CD5836265839BE1314F2F82788F4CABBCAD87E9D0A5284
                                                                                                                                Strings
                                                                                                                                • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0013E333
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                                                                • API String ID: 0-2471034898
                                                                                                                                • Opcode ID: 7ab1522f48d909a9d3d0c29db41e611c7626da8f9a0d25f7767bbbabe6303c78
                                                                                                                                • Instruction ID: 38c3a0ab39cb772fde0b8efa2e4ac3f61e8bed6d57dbeb4944e175a97c320b39
                                                                                                                                • Opcode Fuzzy Hash: 7ab1522f48d909a9d3d0c29db41e611c7626da8f9a0d25f7767bbbabe6303c78
                                                                                                                                • Instruction Fuzzy Hash: FF512223A197908BD328893C5C512AA7ED71FA2334F2E8369E9F58B3E0D61588448380
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 15969a479f1be97db5c33a2ae227ebad1d3802136db5e0dbfd466f5ecbc4e874
                                                                                                                                • Instruction ID: 58179f4c15f6f23bf236ffabcb5b28f27b7fafe87b8b081e99364e387765c3b0
                                                                                                                                • Opcode Fuzzy Hash: 15969a479f1be97db5c33a2ae227ebad1d3802136db5e0dbfd466f5ecbc4e874
                                                                                                                                • Instruction Fuzzy Hash: A15180346092409BCB28DF15D891A2ABBF6FF85748F14C82CE5DAC7251D372DE50EB62
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: L3
                                                                                                                                • API String ID: 0-2730849248
                                                                                                                                • Opcode ID: 5dbeb4555fd48958e1c64786681b69632cae646b375fcb339c3324498dd98b11
                                                                                                                                • Instruction ID: 3ddf95caf21ce72260e94d1eaeb9ed79a32dd07f4a2e7300f3619d9c949bc905
                                                                                                                                • Opcode Fuzzy Hash: 5dbeb4555fd48958e1c64786681b69632cae646b375fcb339c3324498dd98b11
                                                                                                                                • Instruction Fuzzy Hash: 6A4162B4408380ABC7149F64D894A2FBBF0FF86314F04991CF9C59B2A1D736CA85CB56
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 871e1fa3b14b87a0f4f06d66e89dbfaf1668d9e4a5f98e4de1a96fca74a83875
                                                                                                                                • Instruction ID: 6c0a49412812691f3f00e2a044476745955c19d9239fdb2d3ae7155d04ef0502
                                                                                                                                • Opcode Fuzzy Hash: 871e1fa3b14b87a0f4f06d66e89dbfaf1668d9e4a5f98e4de1a96fca74a83875
                                                                                                                                • Instruction Fuzzy Hash: 2D31C3B5908305EBD711EA24DC81B2BB7F9EB99794F548828F889D7252E331DC14C7A3
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 72?1
                                                                                                                                • API String ID: 0-1649870076
                                                                                                                                • Opcode ID: 935161fc12042d727967236a4e610641fc3f98847714b6d9d06355ddbe9e8d41
                                                                                                                                • Instruction ID: 7e9da868cf59ccb268ff3f7c4517bbf318557e9d2aa727a6f248e350258db6df
                                                                                                                                • Opcode Fuzzy Hash: 935161fc12042d727967236a4e610641fc3f98847714b6d9d06355ddbe9e8d41
                                                                                                                                • Instruction Fuzzy Hash: 3231D2B6D00204DFDB24CF94E8805AFBBF9FB1A345F54046CE856AB701D335AA45CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: %*+(
                                                                                                                                • API String ID: 0-3233224373
                                                                                                                                • Opcode ID: 890ec63ebeac15dbf843c9ef1fe62dccdf191779b6e2a0fcfe25068f582356f7
                                                                                                                                • Instruction ID: 3027a278a4e49f793c7884c4cdeb313020defb57cc57311169920b1b01ab4e65
                                                                                                                                • Opcode Fuzzy Hash: 890ec63ebeac15dbf843c9ef1fe62dccdf191779b6e2a0fcfe25068f582356f7
                                                                                                                                • Instruction Fuzzy Hash: F3412475206B04DBD7358F61D9A4F26BBF2FB0A705F54891CE58A9BAA1E331F8408B10
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID: 72?1
                                                                                                                                • API String ID: 0-1649870076
                                                                                                                                • Opcode ID: d82b1a0692d73ce9147d556a92a93761ebe6c0ab37fe8a9b3477cceb6d053ccf
                                                                                                                                • Instruction ID: 8e49f5482fdd9bdcd7545ab47f35cd6234a7dc3e1c0f169d87e3957d27bd44f2
                                                                                                                                • Opcode Fuzzy Hash: d82b1a0692d73ce9147d556a92a93761ebe6c0ab37fe8a9b3477cceb6d053ccf
                                                                                                                                • Instruction Fuzzy Hash: F621E0B6D00604DFC724CF94D9809AFBBF9BB1A745F18085CE856AB701C335AE45CBA2
                                                                                                                                Strings
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID: @
                                                                                                                                • API String ID: 2994545307-2766056989
                                                                                                                                • Opcode ID: a6634792c587e3d4903fda9e8f1568c9f2c1185dd9025e0e7a8af928ea16aead
                                                                                                                                • Instruction ID: 8885024726fbd47d9e23a2b651012f9e7ad4ac31accd610b43d29e0022783a2c
                                                                                                                                • Opcode Fuzzy Hash: a6634792c587e3d4903fda9e8f1568c9f2c1185dd9025e0e7a8af928ea16aead
                                                                                                                                • Instruction Fuzzy Hash: 5E3178705083009BD324DF54D880A2AFBFAEF9A354F54C92CE5C997251D335D948CBA6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5dbd332c9eaa1107c01ac76eb3a7929a537d92698901cb0afdbd16a14a0831f3
                                                                                                                                • Instruction ID: bb6ad0c09d5857daa2a420cc4cade088e853f0622428080ea9b0d9fdb0219616
                                                                                                                                • Opcode Fuzzy Hash: 5dbd332c9eaa1107c01ac76eb3a7929a537d92698901cb0afdbd16a14a0831f3
                                                                                                                                • Instruction Fuzzy Hash: 046248B4500B408FD735CF24D990B27B7F6AF5A704F54892CE49A8BA62E774F848CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                • Instruction ID: 524aa8b8701bc4ec664af42bab9f33e125ed45422e6b78096fc25c9304abdf4e
                                                                                                                                • Opcode Fuzzy Hash: 30cb9a533554be97e06675d3460cdff0be9d55b2c6c1132c24f0b6137cc6b4a7
                                                                                                                                • Instruction Fuzzy Hash: F85209316087118BC7259F18D8802BBF3E1FFD5319F294A2DD9C6A7290E735A851CBC6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2f3eaa2df3109377cb923c73a8c08f05e12a1c7d13e8548f775f8ef2e7c74421
                                                                                                                                • Instruction ID: 4b411efbe1e281bd33b7ca43e0c269cf8774621f4e02d8790ea189b68a9f24d6
                                                                                                                                • Opcode Fuzzy Hash: 2f3eaa2df3109377cb923c73a8c08f05e12a1c7d13e8548f775f8ef2e7c74421
                                                                                                                                • Instruction Fuzzy Hash: 8922BA35608342DFC704DF68E89062ABBF1FF89315F09886DE58987751DB35EA94CB42
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 36512d6e55e0079a2410af2964b01af9994f3f74280ea3033f7e90823c3c8e1a
                                                                                                                                • Instruction ID: 6b0f476eb0ce00034dd7886fc1b99e6d7589f05f584502c77a00f56885495dcc
                                                                                                                                • Opcode Fuzzy Hash: 36512d6e55e0079a2410af2964b01af9994f3f74280ea3033f7e90823c3c8e1a
                                                                                                                                • Instruction Fuzzy Hash: 7F22A935608341DFC704DF68E89062ABBF1FF8A305F09896DE58987751DB35EA94CB82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5750fa80838bc776da7a9e95db95a315487b68fa9d38c52720e7ce63a2f7978e
                                                                                                                                • Instruction ID: e498de941fa51ef8c9eb6a5f8e981e6a17ad7e15bcd5128f4ac41c177734e631
                                                                                                                                • Opcode Fuzzy Hash: 5750fa80838bc776da7a9e95db95a315487b68fa9d38c52720e7ce63a2f7978e
                                                                                                                                • Instruction Fuzzy Hash: 355292B090CB848FEB35CB24C4C47A7BBE2EF91314F14492DC7E646A82E779A985C751
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4d3f8d6aec0db458d6f5ff55880954cbb252bf6ef2efc1c26177073b613d1e06
                                                                                                                                • Instruction ID: e99694c8f8682c374e651117b1f79acd57cce12b1647cce9e5ef525506ba0692
                                                                                                                                • Opcode Fuzzy Hash: 4d3f8d6aec0db458d6f5ff55880954cbb252bf6ef2efc1c26177073b613d1e06
                                                                                                                                • Instruction Fuzzy Hash: DE52B2B150C3458FCB29CF29C0906BABBE1BF88314F198A6DF89957391D774E949CB81
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d474f29f01c19cabad129cfe32771614efbe251e3cf489db5864c20d2e9498e
                                                                                                                                • Instruction ID: 34585e2d5c71ebce3809e5d34b045c59ce6d4c841df29cd853974ba398504f02
                                                                                                                                • Opcode Fuzzy Hash: 6d474f29f01c19cabad129cfe32771614efbe251e3cf489db5864c20d2e9498e
                                                                                                                                • Instruction Fuzzy Hash: D7426475608301DFD708CF28D85076ABBF1BB88315F0988ADE48A8B7A1D775D985CF82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2570414bb5ab119c1edccc249d606f3874bd6deca0e2da032aaef380f32d2e12
                                                                                                                                • Instruction ID: 3828166e96e656a82480a31ef2f7289e3be06761648b2636af9d4e7592e1bb15
                                                                                                                                • Opcode Fuzzy Hash: 2570414bb5ab119c1edccc249d606f3874bd6deca0e2da032aaef380f32d2e12
                                                                                                                                • Instruction Fuzzy Hash: BC32E0B0518B118FC378CF29C59056ABBF2BF55710BA44A2EE6A787B90D736F845CB10
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b4f8345479f8eb79ad45f95f857fa3bf0986361c2d65e5979de21d4ee1f1793b
                                                                                                                                • Instruction ID: a8bbd5e826ff742884da58bfa227e17fff1f3a5f63760445e16813be1ea0e0f2
                                                                                                                                • Opcode Fuzzy Hash: b4f8345479f8eb79ad45f95f857fa3bf0986361c2d65e5979de21d4ee1f1793b
                                                                                                                                • Instruction Fuzzy Hash: 5302B83460C241DFC304DF68E880A2ABBF1FF8A305F09896DE48987761D736E954CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cb2ce6ad10c22e8ebf24f8b49576087f97b521edcee59d5746ada7697adc556e
                                                                                                                                • Instruction ID: 6d11f74bb59ec9cf9e7a451c7acc6e9e99340285ad932e59bf4f0dfde8a4b5fc
                                                                                                                                • Opcode Fuzzy Hash: cb2ce6ad10c22e8ebf24f8b49576087f97b521edcee59d5746ada7697adc556e
                                                                                                                                • Instruction Fuzzy Hash: A0F1873460C341DFC704EF68E88062EBBF6AF8A315F09896DE4C987251D736D954CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 73d78287046898f252b3e1fe2f55765f319bb6786fcf7a543ba46372be5095ff
                                                                                                                                • Instruction ID: 4552b1b80ee64ac9c9782fe55da257b70a8509590579aa48e999c9880da5d57f
                                                                                                                                • Opcode Fuzzy Hash: 73d78287046898f252b3e1fe2f55765f319bb6786fcf7a543ba46372be5095ff
                                                                                                                                • Instruction Fuzzy Hash: 88E1AB3160C351CFC704DF28E89062ABBF6BB8A315F09896CE49987361D736E954CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                • Instruction ID: aecf8db38a49675d9eab80d883a4910d0c2f4fdea1eddf3fa2bd4c64d59d9588
                                                                                                                                • Opcode Fuzzy Hash: 8dbf8a9190905fd82ba4d34b3568b61c3c587483ba5650872ac470c2db95d517
                                                                                                                                • Instruction Fuzzy Hash: 36F1AC766087418FC724CF29C88166BFBE6AFD8300F48882DE4D587751E739E945CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e7b2def0d692e09aee18c6edda42b69302bebdfd262769d475051cdbd9669a3d
                                                                                                                                • Instruction ID: 79a203d960e410fefb1e2c9e076114b43c9f82924ed4a7375bef970a70ec1dc9
                                                                                                                                • Opcode Fuzzy Hash: e7b2def0d692e09aee18c6edda42b69302bebdfd262769d475051cdbd9669a3d
                                                                                                                                • Instruction Fuzzy Hash: DED19A3460C241DFD304EF28E89062EFBF6EB8A305F49896CE4C987251D736D954CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8757c7dbd391e8db4355ebd706bc1e160295866bb9a1be8009c21b8febd4f4ec
                                                                                                                                • Instruction ID: 3eda6d8869f31571ea4e80ae5bc4b409ea5bbf3943b63b5068a6cdcb52101220
                                                                                                                                • Opcode Fuzzy Hash: 8757c7dbd391e8db4355ebd706bc1e160295866bb9a1be8009c21b8febd4f4ec
                                                                                                                                • Instruction Fuzzy Hash: 43E100B5501B008FD325CF28D992B97B7E1FF06708F04886CE4AACBB62E735B8558B54
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b6f948f127375e37e25a10a345be381fa4dd6008843256b0ffc1e86f8b74084f
                                                                                                                                • Instruction ID: db5dbc57e3fb4a1ab80151acd4f559e77887223c0b07eb3ae4ad0b2aa8c870e4
                                                                                                                                • Opcode Fuzzy Hash: b6f948f127375e37e25a10a345be381fa4dd6008843256b0ffc1e86f8b74084f
                                                                                                                                • Instruction Fuzzy Hash: B3D1EF36618755CFC714CF38D88052ABBE2FB89314F098A6DE8A5C77A1D334DA84CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7a7490413a30bcef75c960f8e6cae60668ceff526bbdbd12c27c541c4b29b54b
                                                                                                                                • Instruction ID: 227a09319d1e8242b7e988f738e6df59bfe731ed7c2943634a5f315c52f73aec
                                                                                                                                • Opcode Fuzzy Hash: 7a7490413a30bcef75c960f8e6cae60668ceff526bbdbd12c27c541c4b29b54b
                                                                                                                                • Instruction Fuzzy Hash: 93B1E172A0C3504BE324DA68CC45B6BB7F5ABC9314F08892DE99D973D1EB35DC048792
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                • Instruction ID: 1af32e95181f678e3f58bb9eea30a74c29fd9fdac4690885db4da79e5efc8142
                                                                                                                                • Opcode Fuzzy Hash: 9c6117061885288c1b39a5b943f8482e52345fd8b1a48c2f17ef7dcb0cf10c7c
                                                                                                                                • Instruction Fuzzy Hash: 9AC16DB2A087418FC370CF68DC967ABB7E1BF85318F08492DD2D9C6242E778A155CB46
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5cdb5f7af34bfaa3287ca2a7e313faa9a98ec87e56e4de9b02fdadca9e128c16
                                                                                                                                • Instruction ID: 04ff0238059643f05f267ad17b9f92fcc86b63d5356de33524b19bae94c28cd7
                                                                                                                                • Opcode Fuzzy Hash: 5cdb5f7af34bfaa3287ca2a7e313faa9a98ec87e56e4de9b02fdadca9e128c16
                                                                                                                                • Instruction Fuzzy Hash: 1BB101B4600B408FD321CF24D991B67BBF1AF56708F14885CE8AA8BB62E735F805CB55
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID: InitializeThunk
                                                                                                                                • String ID:
                                                                                                                                • API String ID: 2994545307-0
                                                                                                                                • Opcode ID: 1e6962830fabb36ae4764d9df946861e304f047f6e9a1823ad3cfdb919ff1858
                                                                                                                                • Instruction ID: f309eea03999cfbf42f57511752c6b9ad254858762b50e73e8d7d40abe90bf69
                                                                                                                                • Opcode Fuzzy Hash: 1e6962830fabb36ae4764d9df946861e304f047f6e9a1823ad3cfdb919ff1858
                                                                                                                                • Instruction Fuzzy Hash: BB918B7160D301ABE724DB14C844BABBBF6EB85354F54C81CF99997392E730E950CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ae3cba367ee9522d5348667b2f68cca4f43ba5d0929b90a2b43facb4495d9d14
                                                                                                                                • Instruction ID: a219be41b2605e6d8ec4045ed688c148387c252c6627bf6e9511b8706f360ee1
                                                                                                                                • Opcode Fuzzy Hash: ae3cba367ee9522d5348667b2f68cca4f43ba5d0929b90a2b43facb4495d9d14
                                                                                                                                • Instruction Fuzzy Hash: BC816B342087019BD724DF28D890A2EB7F5FF99740F95C92CE58A8B252E731ED51CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7e30ac9eaab2096682a8cfe8fdb8eb4a655d29e134701132f2c178597ccc6ab0
                                                                                                                                • Instruction ID: dace8d4ce9b165842cbb16232b325d424c3a5bf4ccebf645d673caae449b8d61
                                                                                                                                • Opcode Fuzzy Hash: 7e30ac9eaab2096682a8cfe8fdb8eb4a655d29e134701132f2c178597ccc6ab0
                                                                                                                                • Instruction Fuzzy Hash: 7971E733B29A904BC3188D7C9C823A5BA534BD6334F3EC379A9B5CB3E5D6294C154381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: ebe04f10f903f451be8e5ab16525ee651264aec04fcdf715d62c8e7c4afd34a8
                                                                                                                                • Instruction ID: 814b803fcac2c35a3653cc95af760e527584ffd6a568220216eafd43c465ded1
                                                                                                                                • Opcode Fuzzy Hash: ebe04f10f903f451be8e5ab16525ee651264aec04fcdf715d62c8e7c4afd34a8
                                                                                                                                • Instruction Fuzzy Hash: 336196B5408340CBD310EF18D851A2ABBF0EFA6756F18491CF8D59B261E339D918CBA7
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 554b1fa76b3d903cd5ee264e5ceafc3b7013c323e755fb932a1b5bbba8b22f70
                                                                                                                                • Instruction ID: 29c820c471414e2e73a6ae65f3b4420da72d083b54050351ee1c0b95d189908b
                                                                                                                                • Opcode Fuzzy Hash: 554b1fa76b3d903cd5ee264e5ceafc3b7013c323e755fb932a1b5bbba8b22f70
                                                                                                                                • Instruction Fuzzy Hash: 81519BB1608205EBDB209B64DC83BB732B4EF85369F144958F9998F2D1F375E809C762
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9d559dd5e044a44b69c5e50db4c0d98909988847bc7dabe352478d39cc1b79c9
                                                                                                                                • Instruction ID: a4fdc280848a1f3ca14ea7763886e09cb3dbb824c143125df01c931e38c49960
                                                                                                                                • Opcode Fuzzy Hash: 9d559dd5e044a44b69c5e50db4c0d98909988847bc7dabe352478d39cc1b79c9
                                                                                                                                • Instruction Fuzzy Hash: 1071D3F3E092109FE3085E29DD4577AB7D6EB94320F1B453DE6C887380EA798C518686
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c6d7b6622667be011704dcdd7dd948bd4db6032e7d8a9597c052f4a9f5924cba
                                                                                                                                • Instruction ID: 399261e5e0fc76a62a5ac1193f68601b43ca0a9823097fca03f4dc2cfed9f880
                                                                                                                                • Opcode Fuzzy Hash: c6d7b6622667be011704dcdd7dd948bd4db6032e7d8a9597c052f4a9f5924cba
                                                                                                                                • Instruction Fuzzy Hash: 2F7183F3A097009FE344AE29DC8576AB7E5EF94720F0A493DE6C887740E6359845CB87
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                • Instruction ID: 66a74663d48301d8e33b84947478c9ad31c1bdd1a50378add4872983dbd6c388
                                                                                                                                • Opcode Fuzzy Hash: 6d108e008403b3c92b59985e25fae4eb0cb21936506a5ffd7efe5999b9cc5533
                                                                                                                                • Instruction Fuzzy Hash: C161CD32609391BBD718CE6CC98032EBBE6ABC5350F6DC92DE4898B251D370DD919741
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8cc1ba18233c9383273f97976ffb3f1003b4f83871eb167a04d20042fa5896a6
                                                                                                                                • Instruction ID: c0dc7a4cca8dd5fdc2fc5262e5fbf5008a1aeb6ab5fd35991ce70888450d8cad
                                                                                                                                • Opcode Fuzzy Hash: 8cc1ba18233c9383273f97976ffb3f1003b4f83871eb167a04d20042fa5896a6
                                                                                                                                • Instruction Fuzzy Hash: 9D614923B5EA904BC318493D5C553A66A932BD6330F3FC36998F68B3E4CF6988524381
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e400a7ff7ac4180ade27625cf9cb353c0361d9b6dfa429584f6979c682ff2363
                                                                                                                                • Instruction ID: 3c278d6b2f23a3d731b46cb1b7d4d021b5e1ce7f13cc894513592a19eb3cc51a
                                                                                                                                • Opcode Fuzzy Hash: e400a7ff7ac4180ade27625cf9cb353c0361d9b6dfa429584f6979c682ff2363
                                                                                                                                • Instruction Fuzzy Hash: 9181D0B4810B00AFD360EF39D947797BEF4AB06601F404A1DE4EA97695E730A459CBE3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: f9ee8190298dea58fce9ef5c317e1d7fdcdb07333f43ac64effa4fdb1d502bcf
                                                                                                                                • Instruction ID: b8cc44d75ca896960765d2a1c48dd6b604644ee0f0359fd0a1f9a019d19515a0
                                                                                                                                • Opcode Fuzzy Hash: f9ee8190298dea58fce9ef5c317e1d7fdcdb07333f43ac64effa4fdb1d502bcf
                                                                                                                                • Instruction Fuzzy Hash: 4B5179F3F086144BE314592DED5536AB7C6DBD8330F2A823DEA95D77C4E974880542D2
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                • Instruction ID: 4cdb1231be87f36dd7310cc580ef31dc98d04bff67193ac4ffbb4f505690b152
                                                                                                                                • Opcode Fuzzy Hash: 53adb1b22930f8a695f789fdc3f4b943ccd6ac5fb5c634955e3c1cdf4e3fec6a
                                                                                                                                • Instruction Fuzzy Hash: C9514BB56087549FE314DF69D89435BBBE1BBC5318F044E2DE4E987350E379DA088B82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 34a6ef3aa1fb7d8627e56282c36ed6997e383e9cd0e0bd0b93471609832ecb3a
                                                                                                                                • Instruction ID: 15f8a9aaf4736c0e6b028643972a5f4a737594e05b185c6b549eb9bb5b273a63
                                                                                                                                • Opcode Fuzzy Hash: 34a6ef3aa1fb7d8627e56282c36ed6997e383e9cd0e0bd0b93471609832ecb3a
                                                                                                                                • Instruction Fuzzy Hash: 495114F3A082045BE3146A2DDC8577AB7DADFD4360F1B493DE6C8D3784E93598048696
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: da77ae958a835599ae1ac83794af7c0e2d99159165c4fe2c2442c5304cbcaa9b
                                                                                                                                • Instruction ID: 1d310ef5564002c45ab6c53e2cbf958818f76b6752d436afee2b1038f5c03192
                                                                                                                                • Opcode Fuzzy Hash: da77ae958a835599ae1ac83794af7c0e2d99159165c4fe2c2442c5304cbcaa9b
                                                                                                                                • Instruction Fuzzy Hash: C951D13560C200ABD7199A18DC90B2EB7F6EB85354F68CA2CF899573D1D731AC10CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d927c4ad170817b3f6a9cb2b75ec0d77defbc1c5f88b25afc817c9cdf7fb7440
                                                                                                                                • Instruction ID: 5c8d20595095b607c709d7a1230528b4d1ef2f597975f40b56f5f0d4f9f6ae4f
                                                                                                                                • Opcode Fuzzy Hash: d927c4ad170817b3f6a9cb2b75ec0d77defbc1c5f88b25afc817c9cdf7fb7440
                                                                                                                                • Instruction Fuzzy Hash: 8051F1B5A047049FC714DF18C890926B7A6FF89328F15466CF8999B352D730EC42CB92
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c2f19e8cf6f99ab5e54f127dc13d6496ab3c3993942cc81a353d44b3bae980b2
                                                                                                                                • Instruction ID: bc91bf11304fead746acfd8486acf55e7386a6b9d9f85cc58c93c4aa5505fe3c
                                                                                                                                • Opcode Fuzzy Hash: c2f19e8cf6f99ab5e54f127dc13d6496ab3c3993942cc81a353d44b3bae980b2
                                                                                                                                • Instruction Fuzzy Hash: 22419C78D00329DBDF248F94DC91BA9B7B1FF0A301F144548E955AB2A0EB38AA55CB91
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8c7f9bb1b3346148da499b869d39f088a857ed2679fc1c77b829ae15f4fc654d
                                                                                                                                • Instruction ID: 5f40c142960609e5b1aef02ddefd8c48c7a2acf05e630a1cc5ccb32f7d67e54a
                                                                                                                                • Opcode Fuzzy Hash: 8c7f9bb1b3346148da499b869d39f088a857ed2679fc1c77b829ae15f4fc654d
                                                                                                                                • Instruction Fuzzy Hash: 29415DF3E082041BF74C5D38ED5177AB6CAD7D4320F2F463EBA4597788E8B959054292
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7a997f4686ffb71418828e093b024046a9b62d8cb5b5b62e8eece70e98722655
                                                                                                                                • Instruction ID: 2fe6d6ff9c59a340792150e85f821e749c2bac43b279beee4c89e43fed660a37
                                                                                                                                • Opcode Fuzzy Hash: 7a997f4686ffb71418828e093b024046a9b62d8cb5b5b62e8eece70e98722655
                                                                                                                                • Instruction Fuzzy Hash: 3C41BD74208340ABDB15DB14D990B2FBBF6EB85750F64C82CF58E97251D335E804CBA6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 2e4cea2115c147716dabb404fc431cb8106f71798178f20020bc26f2ba18f228
                                                                                                                                • Instruction ID: d9fad5154594eda896bf73142bf796ed50cc54d074c2fc56c0a4a26111ea0e1d
                                                                                                                                • Opcode Fuzzy Hash: 2e4cea2115c147716dabb404fc431cb8106f71798178f20020bc26f2ba18f228
                                                                                                                                • Instruction Fuzzy Hash: E941E872A083654FD35CCE29849023ABBE2AFC5300F59866EF4D6873E0DBB48985D781
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 0a69601598364d2f3e4dad3d9efb98c1d9697c849c87f349e249cb6efeb03f9d
                                                                                                                                • Instruction ID: e3b94e8147ff74eda5283ddc00ef25dddf3aeb8a8f5cc226d5e888d540de43e6
                                                                                                                                • Opcode Fuzzy Hash: 0a69601598364d2f3e4dad3d9efb98c1d9697c849c87f349e249cb6efeb03f9d
                                                                                                                                • Instruction Fuzzy Hash: 1B410274508380ABD320AB54C884B2EFBF5FB96354F14491CF6C4972A2C376D8598B66
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d48264c002725b88b60ce728eb0f7f98e07b6369b3b3c7456f22b5c199960c1d
                                                                                                                                • Instruction ID: 1c8cb8409a1f715bf421fa26921a6f5c3119a99114b156dd0d26414a7e77d039
                                                                                                                                • Opcode Fuzzy Hash: d48264c002725b88b60ce728eb0f7f98e07b6369b3b3c7456f22b5c199960c1d
                                                                                                                                • Instruction Fuzzy Hash: 7B4106F3D093048BE700AE29DCC522AB7E5FB58254F268A2DDAC593348E67A58058753
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 03f62e295bcf9248200a3a0bea3941371a82d587c2ee5ad78966ef68af5084da
                                                                                                                                • Instruction ID: 571c250da33fcbf58da8e8ded8d87bb8307d9fde6eb25aa8b0914c21139646a7
                                                                                                                                • Opcode Fuzzy Hash: 03f62e295bcf9248200a3a0bea3941371a82d587c2ee5ad78966ef68af5084da
                                                                                                                                • Instruction Fuzzy Hash: E641DF3164C2508FC315EFA8C49452EFBF6AF99300F198A2ED4D9DB2A1CB74DD018B82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: fc1f085e2817c8b9fa65be05e93d02279834148526a39475eca9b527d51aa3ee
                                                                                                                                • Instruction ID: 1de1193855d7014fd7c094f2090caf15dccb1fd862b2898da73b77af0ab19830
                                                                                                                                • Opcode Fuzzy Hash: fc1f085e2817c8b9fa65be05e93d02279834148526a39475eca9b527d51aa3ee
                                                                                                                                • Instruction Fuzzy Hash: BB41BEB5648385CBD7309F14D845BAFB7B0FFAA364F040958E58A8BBA1E7744940CB93
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                • Instruction ID: f8eb114923d8fd78e6681a7e9a126c73e648d0de76f3061fdff6e71e1647d9d9
                                                                                                                                • Opcode Fuzzy Hash: c5be6113664422e96713363ec41851647c31506b086c17a8b3ff98e201e465e1
                                                                                                                                • Instruction Fuzzy Hash: 062149329082244BC3249B1DD88063BF7E5EB9A704F06D63EE8C4A7296E735DC25C7E1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 472f85d24eb9d6069bd6319190faf2c352ffbf3ba6af025d3995896c82ced73e
                                                                                                                                • Instruction ID: f33a45ea5122c4dfc6c0fb83fed8de5a71cd7206ec678d02459945a7765f9e6a
                                                                                                                                • Opcode Fuzzy Hash: 472f85d24eb9d6069bd6319190faf2c352ffbf3ba6af025d3995896c82ced73e
                                                                                                                                • Instruction Fuzzy Hash: 9A3104705183829AD714CF14C49062FBFF0EF96788F54990DF4C8AB261D338DA85CB9A
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e96d2e4ce74353e4e253d076ae7e8746b6e567ef24c6e1b08571f0374d0454da
                                                                                                                                • Instruction ID: f92aa025fc6caed1f63ec08380a700e14692139ed809c7fb2f3bd386956ee6dc
                                                                                                                                • Opcode Fuzzy Hash: e96d2e4ce74353e4e253d076ae7e8746b6e567ef24c6e1b08571f0374d0454da
                                                                                                                                • Instruction Fuzzy Hash: 2F21B570508601DBC3109F18C86192BF7F5EF56756F45890DF8E99B251E334D908DBA3
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                • Instruction ID: 3f7aab90a5928f12581624855727817dc0cb8902e92407755970af4d6c201b07
                                                                                                                                • Opcode Fuzzy Hash: cbe2eee255ce80e2df90ed4850d7395439c2c852be5922ee4a7cea5853ec6c97
                                                                                                                                • Instruction Fuzzy Hash: 6F31D0316482109BD7149E68D880A2BB7E1EFC8359F19892DE89BDB341D331FC52CB86
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 8220d3ee1b683d03b1fa35fed582a56cda26b6d94871df8f2a1e2449ae429906
                                                                                                                                • Instruction ID: 2da8365a4a6cab9d2f9937f4fea0a0e86c3e259aec923674976108315cf9397d
                                                                                                                                • Opcode Fuzzy Hash: 8220d3ee1b683d03b1fa35fed582a56cda26b6d94871df8f2a1e2449ae429906
                                                                                                                                • Instruction Fuzzy Hash: C721367060C6409BC704EF19D890A2EFBF6FB99745F28C81CE4CA97261C335A851CB62
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 9d849c3568ffb63f86dada994cbf6c85c650a1e613c230df0522fe38e67532ec
                                                                                                                                • Instruction ID: d9983cc92a336964893ae32c441e3a4d315337a9cce327e52c0c8061071cc7e7
                                                                                                                                • Opcode Fuzzy Hash: 9d849c3568ffb63f86dada994cbf6c85c650a1e613c230df0522fe38e67532ec
                                                                                                                                • Instruction Fuzzy Hash: 2511C1B37582048FF31C597AECA5767B3DBEBD4234F2A423E9AA6C72C4DE7409024195
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 5bd80528586b06d987efb47fd5905c105b5177ddbe739df889250696b67a9a5f
                                                                                                                                • Instruction ID: 3fa64923db5b78fe5bec07b578146708c8f0d40b6c3f090aff14de67ae77baec
                                                                                                                                • Opcode Fuzzy Hash: 5bd80528586b06d987efb47fd5905c105b5177ddbe739df889250696b67a9a5f
                                                                                                                                • Instruction Fuzzy Hash: 7311A07191C280EBC305AF28E841A1BBBF6EF96710F55C828E4C89B211D335DA51CB93
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                • Instruction ID: ccd0cf09111b2adc4e883f1dc2a73e699bec45496757cba6ecdf63c7b703f1cc
                                                                                                                                • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                                                                • Instruction Fuzzy Hash: 9F11A933A091D54EC3168D3CC8905B5BFA31AA3635B594399F4B4DB2D2D7238DCA8355
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                • Instruction ID: d97992f46f510dbf6923619eb5f20173420fc0022b15c22269a9795c17c53973
                                                                                                                                • Opcode Fuzzy Hash: 90022ddfb32469098a8610d4b68e70bc315f5b0e8987f5b71d64abe4c0da561b
                                                                                                                                • Instruction Fuzzy Hash: 8F0184F9A0130247E721DE5498D1B3BB2A8AF99718F19852CE80657302EB76EC25D7D1
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: e1f01abd6a5eb0aa73d7d62fc4eb2dd45bae1f53988742505ef8cbd8dfdb58eb
                                                                                                                                • Instruction ID: 1e79690736b5b7cf4905f2068b7e6292351183c6c1589a70438f7160cc95ffdf
                                                                                                                                • Opcode Fuzzy Hash: e1f01abd6a5eb0aa73d7d62fc4eb2dd45bae1f53988742505ef8cbd8dfdb58eb
                                                                                                                                • Instruction Fuzzy Hash: 6B11DBB0418380EFD3209F618494A2FFBE5ABA6714F248C0DF6A49B251C379E859CB56
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 1921a591816944e923aa2c9d298b28bbf45fdf95b61fa5be7608a7e62fd28c26
                                                                                                                                • Instruction ID: cce9e0324019a9a5a06e691a9fc4ae92d317d08ff81a4dcd7b2e7b2326adb58a
                                                                                                                                • Opcode Fuzzy Hash: 1921a591816944e923aa2c9d298b28bbf45fdf95b61fa5be7608a7e62fd28c26
                                                                                                                                • Instruction Fuzzy Hash: 08F0243A71820A1BE210CDAAA8C083BB3AADBC9355F249538EA44C3201DE72E8068190
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                • Instruction ID: 6506d07c58c905065930edc77b6421f51c28c54387ea28b09faa2761b04cb969
                                                                                                                                • Opcode Fuzzy Hash: dad40b8a8b0cf0c680be38028a9801f4e1e9da1297b4f3b9e1d9df466e9bee7e
                                                                                                                                • Instruction Fuzzy Hash: 1E0162B3A199610B8348CE3DDC1156BBAD15BD5770F19872DBEF5CB3E0D230C8118695
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                • Instruction ID: afd6f86e1ed7dc578beff9a6215ab27dc393fb41cabbec3b70aacfa27007612f
                                                                                                                                • Opcode Fuzzy Hash: d8ebd7708255391ffa87ed53dd5dbf97c7cff7b52fcdad9dabb06971c835301f
                                                                                                                                • Instruction Fuzzy Hash: EB014B72A196204B8308CE3C9C1112ABEE19B86330F158B2EBCFAD73E0D664CD548696
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                • Instruction ID: bcbcfd50a4127d13449ff388e11d8e54fab044379be8f14359ddceffdad3c4be
                                                                                                                                • Opcode Fuzzy Hash: 809ee23363f840c811a801533be2b64f834fb93f4c5a4ab9cc37b5a2fd812bb4
                                                                                                                                • Instruction Fuzzy Hash: 3FF0E5B1A086106BDF228A549CC0F37BB9CCB9B364F1D1426F98697A13D361E845C3E6
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: b7f10337b882162f1c2a15efd70d2e55bb8a66f72858fb0122ed7af1b262bdcf
                                                                                                                                • Instruction ID: 6ce8f633dff5d59bf0172d96d467e638334c25d285a8bc9da31c63eeb88369bf
                                                                                                                                • Opcode Fuzzy Hash: b7f10337b882162f1c2a15efd70d2e55bb8a66f72858fb0122ed7af1b262bdcf
                                                                                                                                • Instruction Fuzzy Hash: DD01E4B04147009FD360EF29C545747BBF8EB08714F108A1DE8AECB680D770A5848B82
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                • Instruction ID: 2b78bfc1ecb357c4b4c8627169b11938b8ad2d39b1116344d02701d038d82b67
                                                                                                                                • Opcode Fuzzy Hash: a4b5204e339133bf84330416a5308528dd9e98d6cb7a6fcb91640552a86da4e7
                                                                                                                                • Instruction Fuzzy Hash: CFD05E31608321969B648E1DA400977F7F0EA87B11F49955EF58AE3148E330DC41C2A9
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 4b3a651a522d51fb05ffbfc658323d4ca2334cd9933699b4169c22da02c7350d
                                                                                                                                • Instruction ID: 2e141a726a064761a7289c43384822c68bcce66cde00b96ac84be7be0cec6cc7
                                                                                                                                • Opcode Fuzzy Hash: 4b3a651a522d51fb05ffbfc658323d4ca2334cd9933699b4169c22da02c7350d
                                                                                                                                • Instruction Fuzzy Hash: 8AC01234A180018B82488F00A8A5432B3B8A706208B10602EDA07F3A62DA20C4828A09
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: 7e99edc148a3b07eb42378c0561607e2e9a965d90d37eb4db211022ebb616938
                                                                                                                                • Instruction ID: 18eaeb521a37aaed268453bc15ec00a4e4bc81bae2dba752e0bb34b70a3d5c1a
                                                                                                                                • Opcode Fuzzy Hash: 7e99edc148a3b07eb42378c0561607e2e9a965d90d37eb4db211022ebb616938
                                                                                                                                • Instruction Fuzzy Hash: 6DC09B7465C10087A20CCF04D991475F3779B97F14728F01DC82623655C134D652961C
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: c5b2a9cdf82d1dbfc82c9d236e869198295354700c7ae278a9a2cac8f8fd96ba
                                                                                                                                • Instruction ID: d717f4ec64d4e24e93a0898618d7a6d70db576fe086cf5c8e87b2006ba2ceccf
                                                                                                                                • Opcode Fuzzy Hash: c5b2a9cdf82d1dbfc82c9d236e869198295354700c7ae278a9a2cac8f8fd96ba
                                                                                                                                • Instruction Fuzzy Hash: 88C09B34A5D040CBC248CF85E8E1533A3FC970720CB10303E9707F7671C660D4C68509
                                                                                                                                Memory Dump Source
                                                                                                                                • Source File: 00000000.00000002.1382085171.0000000000131000.00000040.00000001.01000000.00000003.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                • Associated: 00000000.00000002.1382073100.0000000000130000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382114720.0000000000190000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382127592.000000000019C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382205046.00000000002FB000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382216167.00000000002FD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000030F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382229283.000000000031A000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382251610.0000000000324000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382261879.0000000000327000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382273038.000000000032F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382284065.0000000000336000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382297809.000000000034C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382312781.000000000035D000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382328218.0000000000374000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382338721.0000000000377000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382348409.0000000000378000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382360361.000000000037C000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382370085.000000000037D000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382381755.0000000000381000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382391674.0000000000382000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382402899.0000000000386000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382417127.000000000039C000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382427858.000000000039F000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382439033.00000000003A8000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382451032.00000000003AC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382461548.00000000003AD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382472179.00000000003B0000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382483041.00000000003B1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382495454.00000000003B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382505335.00000000003B6000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382515521.00000000003B9000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382531847.00000000003CC000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003CE000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382542106.00000000003F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382574845.0000000000420000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382586259.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000423000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382595946.0000000000428000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382618798.0000000000437000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                • Associated: 00000000.00000002.1382628632.0000000000438000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                                • Snapshot File: hcaresult_0_2_130000_file.jbxd
                                                                                                                                Similarity
                                                                                                                                • API ID:
                                                                                                                                • String ID:
                                                                                                                                • API String ID:
                                                                                                                                • Opcode ID: bd76e5519cfa42cd3002237267b0ffb05b25a365f07b54d8fd2b4c71abf281db
                                                                                                                                • Instruction ID: d972f625baafb56d1b55d748d599ec4a7ec512ed431ae09dc76e1f37d17794e8
                                                                                                                                • Opcode Fuzzy Hash: bd76e5519cfa42cd3002237267b0ffb05b25a365f07b54d8fd2b4c71abf281db
                                                                                                                                • Instruction Fuzzy Hash: AAC09274B680008BA24CCF18DD91935F2BA9B8BE28B18B02DC816A3A56D134DA52870C