Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
f86nrrc6.exe

Overview

General Information

Sample name:f86nrrc6.exe
Analysis ID:1577529
MD5:f2a50f1b081ea3cd4821195676adacf1
SHA1:f57f61d9e455b0a30399dd36d97234bb6fd12802
SHA256:9446296c74c2843600e6dccb68316ba93494c7eca4053de766bd237a0ff37279
Tags:18521511316185215113209bulletproofexeLummaStealeruser-abus3reports
Infos:

Detection

LummaC
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Overwrites code with unconditional jumps - possibly settings hooks in foreign process
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Switches to a custom stack to bypass stack traces
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to evade debugger and weak emulator (self modifying code)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to record screenshots
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64
  • f86nrrc6.exe (PID: 7708 cmdline: "C:\Users\user\Desktop\f86nrrc6.exe" MD5: F2A50F1B081EA3CD4821195676ADACF1)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Lumma Stealer, LummaC2 StealerLumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Malware Configuration

Threatname: LummaC

{"C2 url": ["nightybinybz.shop", "mutterissuen.shop", "worddosofrm.shop", "moutheventushz.shop", "bakedstusteeb.shop", "conceszustyb.shop", "respectabosiz.shop", "standartedby.shop"], "Build id": "4SD0y4--MAGISTER"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
decrypted.memstrJoeSecurity_LummaCStealer_2Yara detected LummaC StealerJoe Security

    Sigma Signatures

    No Sigma rule has matched

    Suricata Signatures

    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:59.675990+010020283713Unknown Traffic192.168.2.749713104.102.49.254443TCP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:57.110441+010020572611Domain Observed Used for C2 Detected192.168.2.7511301.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:56.877818+010020572591Domain Observed Used for C2 Detected192.168.2.7565621.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:57.649988+010020572551Domain Observed Used for C2 Detected192.168.2.7521221.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:56.207282+010020572671Domain Observed Used for C2 Detected192.168.2.7581731.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:56.648865+010020572631Domain Observed Used for C2 Detected192.168.2.7543381.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:55.695291+010020572571Domain Observed Used for C2 Detected192.168.2.7593731.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:56.430437+010020572651Domain Observed Used for C2 Detected192.168.2.7531911.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:07:55.986130+010020572691Domain Observed Used for C2 Detected192.168.2.7561571.1.1.153UDP
    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
    2024-12-18T15:08:00.464093+010028586661Domain Observed Used for C2 Detected192.168.2.749713104.102.49.254443TCP

    Joe Sandbox Signatures

    Click to jump to signature section

    Show All Signature Results

    AV Detection

    barindex
    Found malware configuration
    Source: 4.2.f86nrrc6.exe.400000.0.unpackMalware Configuration Extractor: LummaC {"C2 url": ["nightybinybz.shop", "mutterissuen.shop", "worddosofrm.shop", "moutheventushz.shop", "bakedstusteeb.shop", "conceszustyb.shop", "respectabosiz.shop", "standartedby.shop"], "Build id": "4SD0y4--MAGISTER"}
    Multi AV Scanner detection for submitted file
    Source: f86nrrc6.exeReversingLabs: Detection: 71%
    Sample uses string decryption to hide its real strings
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: moutheventushz.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: respectabosiz.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: bakedstusteeb.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: conceszustyb.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: nightybinybz.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: standartedby.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: mutterissuen.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: worddosofrm.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: respectabosiz.shop
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: lid=%s&j=%s&ver=4.0
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: TeslaBrowser/5.5
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: - Screen Resoluton:
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: - Physical Installed Memory:
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: Workgroup: -
    Source: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmpString decryptor: 4SD0y4--MAGISTER
    Source: f86nrrc6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49713 version: TLS 1.2
    Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: f86nrrc6.exe, f86nrrc6.exe, 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmp
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx eax, byte ptr [esp+edx+08h]4_2_0040FF28
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then jmp eax4_2_00424C70
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then jmp ecx4_2_0041102F
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx ebp, word ptr [eax]4_2_0043FCC0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then mov esi, eax4_2_004358F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp word ptr [edi+ebx+02h], 0000h4_2_0043F880
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then mov edx, ecx4_2_0040F0B0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then mov ebx, dword ptr [edi+04h]4_2_00428140
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx edx, byte ptr [esi+edi]4_2_00404D50
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]4_2_00408960
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx edi, byte ptr [esp+ecx+44D9AB7Fh]4_2_00423DD0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp dword ptr [edi+edx*8], 33079CCDh4_2_0043F9D0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx edx, byte ptr [esi+ebx]4_2_00405DE0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then mov ebp, eax4_2_0040A5F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx esi, byte ptr [esp+eax-000000EBh]4_2_00438580
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then jmp ecx4_2_00411DB0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx edi, byte ptr [ecx+esi]4_2_00407210
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then movzx edx, byte ptr [esp+eax+5E07836Bh]4_2_0041DAD0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp word ptr [esi+edi+02h], 0000h4_2_004266F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then mov ebp, edx4_2_004266F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp dword ptr [ebx+edi*8], B62B8D10h4_2_00436350
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 9ABDB589h4_2_00438330
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp dword ptr [ebp+edi*8+00h], C0A4C970h4_2_00440330
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp dword ptr [esi+edx*8], 9ABDB589h4_2_004247C0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4x nop then cmp dword ptr [edi+esi*8], 9ABDB589h4_2_004247C0

    Networking

    barindex
    Suricata IDS alerts for network traffic
    Source: Network trafficSuricata IDS: 2057259 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceszustyb .shop) : 192.168.2.7:56562 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057263 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nightybinybz .shop) : 192.168.2.7:54338 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057267 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mutterissuen .shop) : 192.168.2.7:58173 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057255 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moutheventushz .shop) : 192.168.2.7:52122 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057257 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (respectabosiz .shop) : 192.168.2.7:59373 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057269 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop) : 192.168.2.7:56157 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057261 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bakedstusteeb .shop) : 192.168.2.7:51130 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2057265 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (standartedby .shop) : 192.168.2.7:53191 -> 1.1.1.1:53
    Source: Network trafficSuricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.7:49713 -> 104.102.49.254:443
    C2 URLs / IPs found in malware configuration
    Source: Malware configuration extractorURLs: nightybinybz.shop
    Source: Malware configuration extractorURLs: mutterissuen.shop
    Source: Malware configuration extractorURLs: worddosofrm.shop
    Source: Malware configuration extractorURLs: moutheventushz.shop
    Source: Malware configuration extractorURLs: bakedstusteeb.shop
    Source: Malware configuration extractorURLs: conceszustyb.shop
    Source: Malware configuration extractorURLs: respectabosiz.shop
    Source: Malware configuration extractorURLs: standartedby.shop
    Source: Joe Sandbox ViewIP Address: 104.102.49.254 104.102.49.254
    Source: Joe Sandbox ViewJA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
    Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.7:49713 -> 104.102.49.254:443
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: global trafficHTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
    Source: f86nrrc6.exe, 00000004.00000003.1444788375.00000000014F7000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=fb63f22e2ee3a484412bc217; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25665Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveWed, 18 Dec 2024 14:08:00 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
    Source: global trafficDNS traffic detected: DNS query: respectabosiz.shop
    Source: global trafficDNS traffic detected: DNS query: worddosofrm.shop
    Source: global trafficDNS traffic detected: DNS query: mutterissuen.shop
    Source: global trafficDNS traffic detected: DNS query: standartedby.shop
    Source: global trafficDNS traffic detected: DNS query: nightybinybz.shop
    Source: global trafficDNS traffic detected: DNS query: conceszustyb.shop
    Source: global trafficDNS traffic detected: DNS query: bakedstusteeb.shop
    Source: global trafficDNS traffic detected: DNS query: moutheventushz.shop
    Source: global trafficDNS traffic detected: DNS query: steamcommunity.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://127.0.0.1:27060
    Source: f86nrrc6.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0z
    Source: f86nrrc6.exeString found in binary or memory: http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0
    Source: f86nrrc6.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#
    Source: f86nrrc6.exeString found in binary or memory: http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#
    Source: f86nrrc6.exeString found in binary or memory: http://ocsp.sectigo.com0
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/privacy_agreement/
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://store.steampowered.com/subscriber_agreement/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.valvesoftware.com/legal.htm
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://api.steampowered.com/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://broadcast.st.dl.eccdnx.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://checkout.steampowered.com/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&a
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&l=english&_c
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&l=engli
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&l=english&a
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQ
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxx
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&l=english&am
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&l
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&l=eng
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbC
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&l=english&
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&l=engl
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&l=en
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.png
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&amp
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&am
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQ
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&l=en
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://help.steampowered.com/en/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.steampowered.com/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://lv.queniujq.cn
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://medal.tv
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://player.vimeo.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://recaptcha.net/recaptcha/;
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://s.ytimg.com;
    Source: f86nrrc6.exeString found in binary or memory: https://sectigo.com/CPS0
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sketchfab.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steam.tv/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast-test.akamaized.net
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcast.akamaized.net
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steambroadcastchat.akamaized.net
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014B4000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1445024997.00000000014B4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/discussions/
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
    Source: f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/market/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/my/wishlist/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014C3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1447051697.00000000014C4000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446981599.00000000014B4000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014B4000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1445024997.00000000014B4000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014C1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://steamcommunity.com/workshop/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/
    Source: f86nrrc6.exe, 00000004.00000002.1447051697.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1447167203.00000000014F7000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444788375.00000000014F7000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;
    Source: f86nrrc6.exe, 00000004.00000002.1447051697.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbb
    Source: f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/about/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/explore/
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/legal/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/mobile
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/news/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shop/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/points/shopU
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/privacy_agreement/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/stats/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/steam_refunds/
    Source: f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://store.steampowered.com/subscriber_agreement/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/recaptcha/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.cn/recaptcha/
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com/recaptcha/
    Source: f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
    Source: f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
    Source: unknownNetwork traffic detected: HTTP traffic on port 49713 -> 443
    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49713
    Source: unknownHTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.7:49713 version: TLS 1.2
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00430A30 GetDC,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetCurrentObject,GetObjectW,DeleteObject,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,4_2_00430A30
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040F5604_2_0040F560
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040805C4_2_0040805C
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00409C614_2_00409C61
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040A0704_2_0040A070
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00424C704_2_00424C70
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0043FCC04_2_0043FCC0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004358F04_2_004358F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004364904_2_00436490
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040F0B04_2_0040F0B0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00434D404_2_00434D40
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004089604_2_00408960
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040C1704_2_0040C170
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00413D2B4_2_00413D2B
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004055304_2_00405530
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040B1D04_2_0040B1D0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00423DD04_2_00423DD0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0043F9D04_2_0043F9D0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0043E5E04_2_0043E5E0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040A5F04_2_0040A5F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0041FDF04_2_0041FDF0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004039B04_2_004039B0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040DA204_2_0040DA20
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0041D2204_2_0041D220
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040A2284_2_0040A228
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004266F04_2_004266F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040DE804_2_0040DE80
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00421A804_2_00421A80
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040AB404_2_0040AB40
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004093404_2_00409340
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004147634_2_00414763
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00428B004_2_00428B00
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004123224_2_00412322
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004403304_2_00440330
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004247C04_2_004247C0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00411FD04_2_00411FD0
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00434FA04_2_00434FA0
    Source: f86nrrc6.exeStatic PE information: invalid certificate
    Source: f86nrrc6.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: classification engineClassification label: mal100.troj.evad.winEXE@1/0@9/1
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_004358F0 CoCreateInstance,SysAllocString,CoSetProxyBlanket,SysAllocString,SysAllocString,VariantInit,VariantClear,SysFreeString,SysFreeString,SysFreeString,SysFreeString,4_2_004358F0
    Source: C:\Users\user\Desktop\f86nrrc6.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
    Source: f86nrrc6.exeReversingLabs: Detection: 71%
    Source: C:\Users\user\Desktop\f86nrrc6.exeFile read: C:\Users\user\Desktop\f86nrrc6.exeJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: apphelp.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: winhttp.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: webio.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: mswsock.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: iphlpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: winnsi.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: sspicli.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: dnsapi.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: rasadhlp.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: fwpuclnt.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: schannel.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: mskeyprotect.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ntasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ncrypt.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: ncryptsslp.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: msasn1.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: cryptsp.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: rsaenh.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: cryptbase.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: gpapi.dllJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeSection loaded: dpapi.dllJump to behavior
    Source: f86nrrc6.exeStatic file information: File size 7238808 > 1048576
    Source: f86nrrc6.exeStatic PE information: Raw size of .MPRESS1 is bigger than: 0x100000 < 0x69aa00
    Source: Binary string: Z:\Development\SecureEngine\src\plugins_manager\internal_plugins\embedded dlls\TlsHelperXBundler\Release\XBundlerTlsHelper.pdb source: f86nrrc6.exe, f86nrrc6.exe, 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmp

    Data Obfuscation

    barindex
    Detected unpacking (changes PE section rights)
    Source: C:\Users\user\Desktop\f86nrrc6.exeUnpacked PE file: 4.2.f86nrrc6.exe.400000.0.unpack .MPRESS1:EW;.MPRESS2:EW;.rsrc:W; vs .MPRESS1:ER;.MPRESS2:ER;.rsrc:W;
    Source: initial sampleStatic PE information: section where entry point is pointing to: .MPRESS2
    Source: f86nrrc6.exeStatic PE information: section name: .MPRESS1
    Source: f86nrrc6.exeStatic PE information: section name: .MPRESS2
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0040196B push esi; ret 4_2_00401972
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_00403937 push esi; ret 4_2_00403939

    Boot Survival

    barindex
    Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
    Source: C:\Users\user\Desktop\f86nrrc6.exeWindow searched: window name: FilemonClassJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeWindow searched: window name: PROCMON_WINDOW_CLASSJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeWindow searched: window name: RegmonClassJump to behavior

    Hooking and other Techniques for Hiding and Protection

    barindex
    Overwrites code with unconditional jumps - possibly settings hooks in foreign process
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 12A0005 value: E9 2B BA 48 76 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 7772BA30 value: E9 DA 45 B7 89 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 12B0008 value: E9 8B 8E 4C 76 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 77778E90 value: E9 80 71 B3 89 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 1410005 value: E9 8B 4D 62 74 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 75A34D90 value: E9 7A B2 9D 8B Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 1430005 value: E9 EB EB 61 74 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 75A4EBF0 value: E9 1A 14 9E 8B Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 1440005 value: E9 8B 8A 19 75 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 765D8A90 value: E9 7A 75 E6 8A Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 1450005 value: E9 2B 02 1B 75 Jump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeMemory written: PID: 7708 base: 76600230 value: E9 DA FD E4 8A Jump to behavior

    Malware Analysis System Evasion

    barindex
    Query firmware table information (likely to detect VMs)
    Source: C:\Users\user\Desktop\f86nrrc6.exeSystem information queried: FirmwareTableInformationJump to behavior
    Switches to a custom stack to bypass stack traces
    Source: C:\Users\user\Desktop\f86nrrc6.exeAPI/Special instruction interceptor: Address: 106D1AC
    Source: C:\Users\user\Desktop\f86nrrc6.exeAPI/Special instruction interceptor: Address: FB74B6
    Source: C:\Users\user\Desktop\f86nrrc6.exeAPI/Special instruction interceptor: Address: F0664A
    Source: C:\Users\user\Desktop\f86nrrc6.exeAPI/Special instruction interceptor: Address: EBEAB3
    Tries to detect sandboxes / dynamic malware analysis system (registry check)
    Source: C:\Users\user\Desktop\f86nrrc6.exeFile opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__Jump to behavior
    Tries to evade debugger and weak emulator (self modifying code)
    Source: C:\Users\user\Desktop\f86nrrc6.exeSpecial instruction interceptor: First address: 55BE1A instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\f86nrrc6.exeRegistry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDescJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeRegistry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersionJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeAPI coverage: 6.7 %
    Source: C:\Users\user\Desktop\f86nrrc6.exe TID: 7940Thread sleep time: -90000s >= -30000sJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exe TID: 7944Thread sleep time: -30000s >= -30000sJump to behavior
    Source: f86nrrc6.exeBinary or memory string: qo(cQeMU
    Source: f86nrrc6.exe, 00000004.00000002.1447051697.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW2J
    Source: f86nrrc6.exe, 00000004.00000002.1447051697.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
    Source: C:\Users\user\Desktop\f86nrrc6.exeSystem information queried: ModuleInformationJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeProcess information queried: ProcessInformationJump to behavior

    Anti Debugging

    barindex
    Hides threads from debuggers
    Source: C:\Users\user\Desktop\f86nrrc6.exeThread information set: HideFromDebuggerJump to behavior
    Tries to detect sandboxes and other dynamic analysis tools (window names)
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: regmonclass
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: ollydbg
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: filemonclass
    Source: C:\Users\user\Desktop\f86nrrc6.exeOpen window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\f86nrrc6.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeProcess queried: DebugPortJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeProcess queried: DebugObjectHandleJump to behavior
    Source: C:\Users\user\Desktop\f86nrrc6.exeCode function: 4_2_0043B600 LdrInitializeThunk,4_2_0043B600

    HIPS / PFW / Operating System Protection Evasion

    barindex
    LummaC encrypted strings found
    Source: f86nrrc6.exeString found in binary or memory: moutheventushz.shop
    Source: f86nrrc6.exeString found in binary or memory: respectabosiz.shop
    Source: f86nrrc6.exeString found in binary or memory: bakedstusteeb.shop
    Source: f86nrrc6.exeString found in binary or memory: conceszustyb.shop
    Source: f86nrrc6.exeString found in binary or memory: nightybinybz.shop
    Source: f86nrrc6.exeString found in binary or memory: standartedby.shop
    Source: f86nrrc6.exeString found in binary or memory: mutterissuen.shop
    Source: f86nrrc6.exeString found in binary or memory: worddosofrm.shop
    Source: C:\Users\user\Desktop\f86nrrc6.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

    Stealing of Sensitive Information

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Remote Access Functionality

    barindex
    Yara detected LummaC Stealer
    Source: Yara matchFile source: decrypted.memstr, type: MEMORYSTR

    Mitre Att&ck Matrix

    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
    PowerShell    		1
    DLL Side-Loading    		1
    DLL Side-Loading    		33
    Virtualization/Sandbox Evasion    		1
    Credential API Hooking    		721
    Security Software Discovery    		Remote Services1
    Screen Capture    		11
    Encrypted Channel    		Exfiltration Over Other Network MediumAbuse Accessibility Features
    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
    Deobfuscate/Decode Files or Information    		LSASS Memory33
    Virtualization/Sandbox Evasion    		Remote Desktop Protocol1
    Credential API Hooking    		1
    Ingress Tool Transfer    		Exfiltration Over BluetoothNetwork Denial of Service
    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)2
    Obfuscated Files or Information    		Security Account Manager1
    Process Discovery    		SMB/Windows Admin Shares1
    Archive Collected Data    		2
    Non-Application Layer Protocol    		Automated ExfiltrationData Encrypted for Impact
    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
    Software Packing    		NTDS23
    System Information Discovery    		Distributed Component Object ModelInput Capture113
    Application Layer Protocol    		Traffic DuplicationData Destruction
    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
    DLL Side-Loading    		LSA SecretsInternet Connection DiscoverySSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact

    Behavior Graph

    Hide Legend

    Legend:

    • Process
    • Signature
    • Created File
    • DNS/IP Info
    • Is Dropped
    • Is Windows Process
    • Number of created Registry Values
    • Number of created Files
    • Visual Basic
    • Delphi
    • Java
    • .Net C# or VB.NET
    • C, C++ or other language
    • Is malicious
    • Internet

    Screenshots

    Thumbnails

    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


    windows-stand

    Antivirus, Machine Learning and Genetic Malware Detection

    Initial Sample

    SourceDetectionScannerLabelLink
    f86nrrc6.exe71%ReversingLabsWin32.Trojan.Lumma

    Dropped Files

    No Antivirus matches

    Unpacked PE Files

    No Antivirus matches

    Domains

    No Antivirus matches

    URLs

    No Antivirus matches

    Domains and IPs

    Contacted Domains

    NameIPActiveMaliciousAntivirus DetectionReputation
    steamcommunity.com
    		104.102.49.254
    		truefalse
      		high
      nightybinybz.shop
      		unknown
      		unknowntrue
        		unknown
        moutheventushz.shop
        		unknown
        		unknowntrue
          		unknown
          standartedby.shop
          		unknown
          		unknowntrue
            		unknown
            respectabosiz.shop
            		unknown
            		unknowntrue
              		unknown
              conceszustyb.shop
              		unknown
              		unknowntrue
                		unknown
                bakedstusteeb.shop
                		unknown
                		unknownfalse
                  		high
                  mutterissuen.shop
                  		unknown
                  		unknowntrue
                    		unknown
                    worddosofrm.shop
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      bakedstusteeb.shopfalse
                        		high
                        nightybinybz.shopfalse
                          		high
                          moutheventushz.shopfalse
                            		high
                            respectabosiz.shopfalse
                              		high
                              https://steamcommunity.com/profiles/76561199724331900false
                                		high
                                standartedby.shopfalse
                                  		high
                                  worddosofrm.shopfalse
                                    		high
                                    conceszustyb.shopfalse
                                      		high
                                      mutterissuen.shopfalse
                                        		high

                                        URLs from Memory and Binaries

                                        NameSourceMaliciousAntivirus DetectionReputation
                                        https://steamcommunity.com/my/wishlist/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                          		high
                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.pngf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                            		high
                                            https://player.vimeo.comf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://crt.sectigo.com/SectigoPublicTimeStampingCAR36.crt0#f86nrrc6.exefalse
                                                		high
                                                https://community.fastly.steamstatic.com/public/shared/css/shared_responsive.css?v=JL1e4uQSrVGe&amp;f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://ocsp.sectigo.com0f86nrrc6.exefalse
                                                    		high
                                                    https://steamcommunity.com/?subsection=broadcastsf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://help.steampowered.com/en/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://steamcommunity.com/market/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://store.steampowered.com/news/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://store.steampowered.com/subscriber_agreement/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.gstatic.cn/recaptcha/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                		high
                                                                http://store.steampowered.com/subscriber_agreement/f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.orgf86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://recaptcha.net/recaptcha/;f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      http://www.valvesoftware.com/legal.htmf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        https://community.fastly.steamstatic.com/public/shared/css/shared_global.css?v=wuA4X_n5-mo0&amp;l=enf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://steamcommunity.com/discussions/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.youtube.comf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.google.comf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://crl.sectigo.com/SectigoPublicTimeStampingRootR46.crl0f86nrrc6.exefalse
                                                                                  		high
                                                                                  https://store.steampowered.com/stats/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://community.fastly.steamstatic.com/public/shared/javascript/shared_global.js?v=Gr6TbGRvDtNE&amf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://medal.tvf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://broadcast.st.dl.eccdnx.comf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          https://community.fastly.steamstatic.com/public/shared/images/responsive/logo_valve_footer.pngf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            https://community.fastly.steamstatic.com/public/css/skin_1/header.css?v=EM4kCu67DNda&amp;l=english&af86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              https://store.steampowered.com/steam_refunds/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://store.steampowered.com/points/shopUf86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedbackf86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://community.fastly.steamstatic.com/public/css/applications/community/main.css?v=Lj6X7NKUMfzk&af86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://community.fastly.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://community.fastly.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://community.fastly.steamstatic.com/public/shared/css/motiva_sans.css?v=-yZgCk0Nu7kH&amp;l=englf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://community.fastly.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=pbdAKOcDIgbCf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://s.ytimg.com;f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://steamcommunity.com/workshop/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://community.fastly.steamstatic.com/public/javascript/applications/community/manifest.js?v=0Xxxf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://login.steampowered.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C185ce35c568ebbbf86nrrc6.exe, 00000004.00000002.1447051697.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://community.fastly.steamstatic.com/public/css/globalv2.css?v=hzEgqbtRcI5V&amp;l=english&amp;_cf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://community.fastly.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://community.fastly.steamstatic.com/public/shared/css/buttons.css?v=qhQgyjWi6LgJ&amp;l=english&f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://store.steampowered.com/legal/f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://community.fastly.steamstatic.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://community.fastly.steamstatic.com/public/css/skin_1/fatalerror.css?v=OFUqlcDNiD6y&amp;l=englif86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://steam.tv/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://crt.sectigo.com/SectigoPublicTimeStampingRootR46.p7c0#f86nrrc6.exefalse
                                                                                                                                            		high
                                                                                                                                            https://community.fastly.steamstatic.com/public/shared/javascript/tooltip.js?v=QYkT4eS5mbTN&amp;l=enf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/prototype-1.7.js?v=npJElBnrEO6W&amp;l=engf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://sectigo.com/CPS0f86nrrc6.exefalse
                                                                                                                                                  		high
                                                                                                                                                  http://store.steampowered.com/privacy_agreement/f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://store.steampowered.com/points/shop/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://recaptcha.netf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://store.steampowered.com/f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://steamcommunity.comf86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://sketchfab.comf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://lv.queniujq.cnf86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://community.fastly.steamstatic.com/public/shared/images/responsive/header_logo.pngf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://www.youtube.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    http://127.0.0.1:27060f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://store.steampowered.com/privacy_agreement/f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://community.fastly.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=tvQf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://crl.sectigo.com/SectigoPublicTimeStampingCAR36.crl0zf86nrrc6.exefalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://community.fastly.steamstatic.com/public/javascript/global.js?v=jWc2JLWHx5Kn&amp;l=english&amf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://www.google.com/recaptcha/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                https://checkout.steampowered.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://community.fastly.steamstatic.com/public/shared/javascript/auth_refresh.js?v=w6QbwI-5-j2S&ampf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://help.steampowered.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://api.steampowered.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        http://store.steampowered.com/account/cookiepreferences/f86nrrc6.exe, 00000004.00000003.1444440878.00000000014A3000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                          		high
                                                                                                                                                                                          https://store.steampowered.com/mobilef86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                            		high
                                                                                                                                                                                            https://steamcommunity.com/f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014B4000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1445024997.00000000014B4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                              		high
                                                                                                                                                                                              https://community.fastly.steamstatic.com/public/javascript/applications/community/main.js?v=THDq-gsQf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444932991.000000000149E000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1446963076.000000000149E000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                		high
                                                                                                                                                                                                https://store.steampowered.com/;f86nrrc6.exe, 00000004.00000002.1447051697.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000002.1447167203.00000000014F7000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444440878.00000000014EC000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444788375.00000000014F7000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444814594.00000000014EC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  		high
                                                                                                                                                                                                  https://store.steampowered.com/about/f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    		high
                                                                                                                                                                                                    https://community.fastly.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=gQHVlrK4-jX-&amp;lf86nrrc6.exe, 00000004.00000003.1444379332.0000000001531000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444913659.0000000001535000.00000004.00000020.00020000.00000000.sdmp, f86nrrc6.exe, 00000004.00000003.1444379332.000000000152B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      		high

                                                                                                                                                                                                      World Map of Contacted IPs

                                                                                                                                                                                                      • No. of IPs < 25%
                                                                                                                                                                                                      • 25% < No. of IPs < 50%
                                                                                                                                                                                                      • 50% < No. of IPs < 75%
                                                                                                                                                                                                      • 75% < No. of IPs

                                                                                                                                                                                                      Public IPs

                                                                                                                                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                                      104.102.49.254
                                                                                                                                                                                                      		steamcommunity.comUnited States
                                                                                                                                                                                                      		16625AKAMAI-ASUSfalse

                                                                                                                                                                                                      General Information

                                                                                                                                                                                                      Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                      Analysis ID:1577529
                                                                                                                                                                                                      Start date and time:2024-12-18 15:06:46 +01:00
                                                                                                                                                                                                      Joe Sandbox product:CloudBasic
                                                                                                                                                                                                      Overall analysis duration:0h 5m 21s
                                                                                                                                                                                                      Hypervisor based Inspection enabled:false
                                                                                                                                                                                                      Report type:full
                                                                                                                                                                                                      Cookbook file name:default.jbs
                                                                                                                                                                                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                      Number of analysed new started processes analysed:11
                                                                                                                                                                                                      Number of new started drivers analysed:0
                                                                                                                                                                                                      Number of existing processes analysed:0
                                                                                                                                                                                                      Number of existing drivers analysed:0
                                                                                                                                                                                                      Number of injected processes analysed:0
                                                                                                                                                                                                      Technologies:
                                                                                                                                                                                                      • HCA enabled
                                                                                                                                                                                                      • EGA enabled
                                                                                                                                                                                                      • AMSI enabled
                                                                                                                                                                                                      Analysis Mode:default
                                                                                                                                                                                                      Analysis stop reason:Timeout
                                                                                                                                                                                                      Sample name:f86nrrc6.exe
                                                                                                                                                                                                      Detection:MAL
                                                                                                                                                                                                      Classification:mal100.troj.evad.winEXE@1/0@9/1
                                                                                                                                                                                                      EGA Information:
                                                                                                                                                                                                      • Successful, ratio: 100%
                                                                                                                                                                                                      HCA Information:Failed
                                                                                                                                                                                                      Cookbook Comments:
                                                                                                                                                                                                      • Found application associated with file extension: .exe

                                                                                                                                                                                                      Warnings

                                                                                                                                                                                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                                                                                                                                                                                      • Excluded IPs from analysis (whitelisted): 13.107.246.63, 4.245.163.56
                                                                                                                                                                                                      • Excluded domains from analysis (whitelisted): otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, time.windows.com, fe3cr.delivery.mp.microsoft.com
                                                                                                                                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                      • VT rate limit hit for: f86nrrc6.exe

                                                                                                                                                                                                      Simulations

                                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                                      TimeTypeDescription
                                                                                                                                                                                                      09:07:54API Interceptor6x Sleep call for process: f86nrrc6.exe modified

                                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                                      IPs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      104.102.49.254http://gtm-cn-j4g3qqvf603.steamproxy1.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • www.valvesoftware.com/legal.htm

                                                                                                                                                                                                      Domains

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      steamcommunity.comArmanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      zq6a1iqg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      v_dolg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      cccc2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      CompleteStudio.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      random.exe.6.exeGet hashmaliciousLummaC, Python Stealer, Amadey, LummaC Stealer, Monster Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      alexshlu.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                      • 23.55.153.106
                                                                                                                                                                                                      99awhy8l.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 23.55.153.106

                                                                                                                                                                                                      ASNs

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      AKAMAI-ASUSko.ps1.2.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 23.57.90.154
                                                                                                                                                                                                      http://www.mynylgbs.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 104.121.2.245
                                                                                                                                                                                                      loligang.arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                      • 23.203.88.6
                                                                                                                                                                                                      loligang.sh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                      • 96.24.75.93
                                                                                                                                                                                                      EXTERNALRe.msgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 95.100.135.24
                                                                                                                                                                                                      mips.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                      • 104.82.71.158
                                                                                                                                                                                                      arm.nn-20241218-0633.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                      • 104.89.110.164
                                                                                                                                                                                                      jew.ppc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 23.199.141.123
                                                                                                                                                                                                      jew.sh4.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      • 2.16.80.27
                                                                                                                                                                                                      https://garfieldthecat.tech/Receipt.htmlGet hashmaliciousWinSearchAbuseBrowse
                                                                                                                                                                                                      • 23.217.172.185

                                                                                                                                                                                                      JA3 Fingerprints

                                                                                                                                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                      a0e9f5d64349fb13191bc781f81f42e1Armanivenntii_crypted_EASY.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      random.exe.2.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      aqbjn3fl.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      goldlummaa.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Cryptbot, LummaC Stealer, RHADAMANTHYS, XmrigBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      InstallSetup.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      ScreenUpdateSync.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      random.exe.10.exeGet hashmaliciousLummaCBrowse
                                                                                                                                                                                                      • 104.102.49.254
                                                                                                                                                                                                      zq6a1iqg.exeGet hashmaliciousLummaC StealerBrowse
                                                                                                                                                                                                      • 104.102.49.254

                                                                                                                                                                                                      Dropped Files

                                                                                                                                                                                                      No context

                                                                                                                                                                                                      Created / dropped Files

                                                                                                                                                                                                      No created / dropped files found

                                                                                                                                                                                                      Static File Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      File type:MS-DOS executable PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, MZ for MS-DOS
                                                                                                                                                                                                      Entropy (8bit):7.965206863566108
                                                                                                                                                                                                      TrID:
                                                                                                                                                                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                      • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                                      File name:f86nrrc6.exe
                                                                                                                                                                                                      File size:7'238'808 bytes
                                                                                                                                                                                                      MD5:f2a50f1b081ea3cd4821195676adacf1
                                                                                                                                                                                                      SHA1:f57f61d9e455b0a30399dd36d97234bb6fd12802
                                                                                                                                                                                                      SHA256:9446296c74c2843600e6dccb68316ba93494c7eca4053de766bd237a0ff37279
                                                                                                                                                                                                      SHA512:b057bedb7067d3ca91f31152bbf34126cad8d29437b83656118ea5807b4f195a3270a0578f51cb8c961b9212c31c71b758865a1cf74c5b4e0bd99a5ddd2b9a58
                                                                                                                                                                                                      SSDEEP:98304:ISTkuyh2weEjW9a3JXwPhxAL+ikiYDCsPtWgYGI+4IPF6scqr/Api3RixLe7J:IP2D/83iiW2AtWxbm5ApiYxLe7J
                                                                                                                                                                                                      TLSH:30763353B650E962F92644B10D72C6B310C5FC499F2085AB71E4BF5F3830BA2C5BAD6E
                                                                                                                                                                                                      File Content Preview:MZ@.....................................!..L.!Win32 .EXE...$@...PE..L....3%g..........................................@.................................s.n..................................................%............m....................................

                                                                                                                                                                                                      File Icon

                                                                                                                                                                                                      Icon Hash:23f7e7f7f3a9d8f9

                                                                                                                                                                                                      Static PE Info

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Entrypoint:0x11181af
                                                                                                                                                                                                      Entrypoint Section:.MPRESS2
                                                                                                                                                                                                      Digitally signed:true
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      Subsystem:windows gui
                                                                                                                                                                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                      DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                                                                                                                                      Time Stamp:0x67253391 [Fri Nov 1 20:01:21 2024 UTC]
                                                                                                                                                                                                      TLS Callbacks:
                                                                                                                                                                                                      CLR (.Net) Version:
                                                                                                                                                                                                      OS Version Major:6
                                                                                                                                                                                                      OS Version Minor:0
                                                                                                                                                                                                      File Version Major:6
                                                                                                                                                                                                      File Version Minor:0
                                                                                                                                                                                                      Subsystem Version Major:6
                                                                                                                                                                                                      Subsystem Version Minor:0
                                                                                                                                                                                                      Import Hash:a4ee7039994118d7b3bfbdda3544c529

                                                                                                                                                                                                      Authenticode Signature

                                                                                                                                                                                                      Signature Valid:false
                                                                                                                                                                                                      Signature Issuer:CN=\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae
                                                                                                                                                                                                      Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                                      Error Number:-2146762487
                                                                                                                                                                                                      Not Before, Not After
                                                                                                                                                                                                      • 26/09/2024 13:26:30 27/09/2034 13:26:30
                                                                                                                                                                                                      Subject Chain
                                                                                                                                                                                                      • CN=\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\u2116\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae\xae
                                                                                                                                                                                                      Version:3
                                                                                                                                                                                                      Thumbprint MD5:831EB4B726CD805171AB232FFF74BEA8
                                                                                                                                                                                                      Thumbprint SHA-1:12E28DDFBBFB19CD577295C60487D94C803AE134
                                                                                                                                                                                                      Thumbprint SHA-256:BEB2F607C9CAE270331FEE6340CF406C0D55EEF2EC7FA075E7489CF898872E1A
                                                                                                                                                                                                      Serial:4840E0ACC336EAA44231DFA5F426BF8F

                                                                                                                                                                                                      Entrypoint Preview

                                                                                                                                                                                                      Instruction
                                                                                                                                                                                                      pushad
                                                                                                                                                                                                      call 00007FA1D11DD915h
                                                                                                                                                                                                      pop eax
                                                                                                                                                                                                      add eax, 00000B5Ah
                                                                                                                                                                                                      mov esi, dword ptr [eax]
                                                                                                                                                                                                      add esi, eax
                                                                                                                                                                                                      sub eax, eax
                                                                                                                                                                                                      mov edi, esi
                                                                                                                                                                                                      lodsw
                                                                                                                                                                                                      shl eax, 0Ch
                                                                                                                                                                                                      mov ecx, eax
                                                                                                                                                                                                      push eax
                                                                                                                                                                                                      lodsd
                                                                                                                                                                                                      sub ecx, eax
                                                                                                                                                                                                      add esi, ecx
                                                                                                                                                                                                      mov ecx, eax
                                                                                                                                                                                                      push edi
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      dec ecx
                                                                                                                                                                                                      mov al, byte ptr [ecx+edi+06h]
                                                                                                                                                                                                      mov byte ptr [ecx+esi], al
                                                                                                                                                                                                      jne 00007FA1D11DD908h
                                                                                                                                                                                                      sub eax, eax
                                                                                                                                                                                                      lodsb
                                                                                                                                                                                                      mov ecx, eax
                                                                                                                                                                                                      and cl, FFFFFFF0h
                                                                                                                                                                                                      and al, 0Fh
                                                                                                                                                                                                      shl ecx, 0Ch
                                                                                                                                                                                                      mov ch, al
                                                                                                                                                                                                      lodsb
                                                                                                                                                                                                      or ecx, eax
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      add cl, ch
                                                                                                                                                                                                      mov ebp, FFFFFD00h
                                                                                                                                                                                                      shl ebp, cl
                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                      pop eax
                                                                                                                                                                                                      mov ebx, esp
                                                                                                                                                                                                      lea esp, dword ptr [esp+ebp*2-00000E70h]
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      sub ecx, ecx
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      mov ecx, esp
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      mov dx, word ptr [edi]
                                                                                                                                                                                                      shl edx, 0Ch
                                                                                                                                                                                                      push edx
                                                                                                                                                                                                      push edi
                                                                                                                                                                                                      add ecx, 04h
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      push eax
                                                                                                                                                                                                      add ecx, 04h
                                                                                                                                                                                                      push esi
                                                                                                                                                                                                      push ecx
                                                                                                                                                                                                      call 00007FA1D11DD973h
                                                                                                                                                                                                      mov esp, ebx
                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                      pop edx
                                                                                                                                                                                                      sub eax, eax
                                                                                                                                                                                                      mov dword ptr [edx+esi], eax
                                                                                                                                                                                                      mov ah, 10h
                                                                                                                                                                                                      sub edx, eax
                                                                                                                                                                                                      sub ecx, ecx
                                                                                                                                                                                                      cmp ecx, edx
                                                                                                                                                                                                      jnc 00007FA1D11DD938h
                                                                                                                                                                                                      mov ebx, ecx
                                                                                                                                                                                                      lodsb
                                                                                                                                                                                                      inc ecx
                                                                                                                                                                                                      and al, FEh
                                                                                                                                                                                                      cmp al, E8h
                                                                                                                                                                                                      jne 00007FA1D11DD904h
                                                                                                                                                                                                      inc ebx
                                                                                                                                                                                                      add ecx, 04h
                                                                                                                                                                                                      lodsd
                                                                                                                                                                                                      or eax, eax
                                                                                                                                                                                                      js 00007FA1D11DD918h
                                                                                                                                                                                                      cmp eax, edx
                                                                                                                                                                                                      jnc 00007FA1D11DD8F7h
                                                                                                                                                                                                      jmp 00007FA1D11DD918h
                                                                                                                                                                                                      add eax, ebx
                                                                                                                                                                                                      js 00007FA1D11DD8F1h
                                                                                                                                                                                                      add eax, edx
                                                                                                                                                                                                      sub eax, ebx
                                                                                                                                                                                                      mov dword ptr [esi-04h], eax
                                                                                                                                                                                                      jmp 00007FA1D11DD8E8h
                                                                                                                                                                                                      call 00007FA1D11DD915h
                                                                                                                                                                                                      pop edi
                                                                                                                                                                                                      add edi, FFFFFF4Dh
                                                                                                                                                                                                      mov al, E9h
                                                                                                                                                                                                      stosb
                                                                                                                                                                                                      mov eax, 00000B56h
                                                                                                                                                                                                      stosd
                                                                                                                                                                                                      call 00007FA1D11DD915h

                                                                                                                                                                                                      Data Directories

                                                                                                                                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xd180000x1b0.MPRESS2
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xd190000x4259c.rsrc
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x6de0000x9498.MPRESS1
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0xd180b40x30.MPRESS2
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                                                                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                      Sections

                                                                                                                                                                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                      .MPRESS10x10000xd170000x69aa00e117de0f1256fe3665f942812114b350unknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .MPRESS20xd180000xd190xe0015de060f77f0f2cbc3d456711626c243False0.5424107142857143data5.752343724847905IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                                                                                                                                                                      .rsrc0xd190000x4259c0x42600cbd7afe499608cf8356bca4d7c57f86fFalse0.2385276895009416data4.250171677922003IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

                                                                                                                                                                                                      Resources

                                                                                                                                                                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                      RT_ICON0xd193680x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 4096EnglishUnited States0.6292213883677298
                                                                                                                                                                                                      RT_ICON0xd1a4380x25a8Device independent bitmap graphic, 48 x 96 x 32, image size 9216EnglishUnited States0.5646265560165975
                                                                                                                                                                                                      RT_ICON0xd1ca080x4228Device independent bitmap graphic, 64 x 128 x 32, image size 16384EnglishUnited States0.5298771846953235
                                                                                                                                                                                                      RT_ICON0xd20c580x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.3135245901639344
                                                                                                                                                                                                      RT_ICON0xd216080x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.3784883720930233
                                                                                                                                                                                                      RT_ICON0xd21ce80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.42021276595744683
                                                                                                                                                                                                      RT_ICON0xd221780x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.2967213114754098
                                                                                                                                                                                                      RT_ICON0xd22b280x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.35872093023255813
                                                                                                                                                                                                      RT_ICON0xd232080x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.38652482269503546
                                                                                                                                                                                                      RT_ICON0xd236980x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.3237704918032787
                                                                                                                                                                                                      RT_ICON0xd240480x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.3930232558139535
                                                                                                                                                                                                      RT_ICON0xd247280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.43617021276595747
                                                                                                                                                                                                      RT_ICON0xd24bb80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.2819672131147541
                                                                                                                                                                                                      RT_ICON0xd255680x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.34011627906976744
                                                                                                                                                                                                      RT_ICON0xd25c480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.37677304964539005
                                                                                                                                                                                                      RT_ICON0xd260d80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.2069672131147541
                                                                                                                                                                                                      RT_ICON0xd26a880x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.24941860465116278
                                                                                                                                                                                                      RT_ICON0xd271680x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.3067375886524823
                                                                                                                                                                                                      RT_ICON0xd275f80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.27827868852459015
                                                                                                                                                                                                      RT_ICON0xd27fa80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.3377906976744186
                                                                                                                                                                                                      RT_ICON0xd286880x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.36879432624113473
                                                                                                                                                                                                      RT_ICON0xd28b180x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.2594262295081967
                                                                                                                                                                                                      RT_ICON0xd294c80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.30930232558139537
                                                                                                                                                                                                      RT_ICON0xd29ba80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.33865248226950356
                                                                                                                                                                                                      RT_ICON0xd2a0380x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.28688524590163933
                                                                                                                                                                                                      RT_ICON0xd2a9e80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.34069767441860466
                                                                                                                                                                                                      RT_ICON0xd2b0c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.38475177304964536
                                                                                                                                                                                                      RT_ICON0xd2b5580x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.18688524590163935
                                                                                                                                                                                                      RT_ICON0xd2bf080x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.20988372093023255
                                                                                                                                                                                                      RT_ICON0xd2c5e80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2473404255319149
                                                                                                                                                                                                      RT_ICON0xd2ca780x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.18688524590163935
                                                                                                                                                                                                      RT_ICON0xd2d4280x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.20988372093023255
                                                                                                                                                                                                      RT_ICON0xd2db080x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2473404255319149
                                                                                                                                                                                                      RT_ICON0xd2df980x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.11762295081967213
                                                                                                                                                                                                      RT_ICON0xd2e9480x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.14593023255813953
                                                                                                                                                                                                      RT_ICON0xd2f0280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.17375886524822695
                                                                                                                                                                                                      RT_ICON0xd2f4b80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.11762295081967213
                                                                                                                                                                                                      RT_ICON0xd2fe680x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.14593023255813953
                                                                                                                                                                                                      RT_ICON0xd305480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.17375886524822695
                                                                                                                                                                                                      RT_ICON0xd309d80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1864754098360656
                                                                                                                                                                                                      RT_ICON0xd313880x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.21104651162790697
                                                                                                                                                                                                      RT_ICON0xd31a680x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.25177304964539005
                                                                                                                                                                                                      RT_ICON0xd31ef80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.18278688524590164
                                                                                                                                                                                                      RT_ICON0xd328a80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.2052325581395349
                                                                                                                                                                                                      RT_ICON0xd32f880x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.24113475177304963
                                                                                                                                                                                                      RT_ICON0xd334180x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.18278688524590164
                                                                                                                                                                                                      RT_ICON0xd33dc80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.2052325581395349
                                                                                                                                                                                                      RT_ICON0xd344a80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.24113475177304963
                                                                                                                                                                                                      RT_ICON0xd349380x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.11147540983606558
                                                                                                                                                                                                      RT_ICON0xd352e80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.14302325581395348
                                                                                                                                                                                                      RT_ICON0xd359c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.16578014184397163
                                                                                                                                                                                                      RT_ICON0xd35e580x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.11147540983606558
                                                                                                                                                                                                      RT_ICON0xd368080x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.14302325581395348
                                                                                                                                                                                                      RT_ICON0xd36ee80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.16578014184397163
                                                                                                                                                                                                      RT_ICON0xd373780x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1831967213114754
                                                                                                                                                                                                      RT_ICON0xd37d280x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.2058139534883721
                                                                                                                                                                                                      RT_ICON0xd384080x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.24468085106382978
                                                                                                                                                                                                      RT_ICON0xd388980x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1987704918032787
                                                                                                                                                                                                      RT_ICON0xd392480x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.23837209302325582
                                                                                                                                                                                                      RT_ICON0xd399280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.25975177304964536
                                                                                                                                                                                                      RT_ICON0xd39db80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1987704918032787
                                                                                                                                                                                                      RT_ICON0xd3a7680x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.23837209302325582
                                                                                                                                                                                                      RT_ICON0xd3ae480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.25975177304964536
                                                                                                                                                                                                      RT_ICON0xd3b2d80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.12581967213114753
                                                                                                                                                                                                      RT_ICON0xd3bc880x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.15232558139534882
                                                                                                                                                                                                      RT_ICON0xd3c3680x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.17819148936170212
                                                                                                                                                                                                      RT_ICON0xd3c7f80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.12581967213114753
                                                                                                                                                                                                      RT_ICON0xd3d1a80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.15232558139534882
                                                                                                                                                                                                      RT_ICON0xd3d8880x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.17819148936170212
                                                                                                                                                                                                      RT_ICON0xd3dd180x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1987704918032787
                                                                                                                                                                                                      RT_ICON0xd3e6c80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.2377906976744186
                                                                                                                                                                                                      RT_ICON0xd3eda80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.2632978723404255
                                                                                                                                                                                                      RT_ICON0xd3f2380x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.19549180327868854
                                                                                                                                                                                                      RT_ICON0xd3fbe80x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.23488372093023255
                                                                                                                                                                                                      RT_ICON0xd402c80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.25620567375886527
                                                                                                                                                                                                      RT_ICON0xd407580x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.19549180327868854
                                                                                                                                                                                                      RT_ICON0xd411080x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.23488372093023255
                                                                                                                                                                                                      RT_ICON0xd417e80x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.25620567375886527
                                                                                                                                                                                                      RT_ICON0xd41c780x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1221311475409836
                                                                                                                                                                                                      RT_ICON0xd426280x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.1494186046511628
                                                                                                                                                                                                      RT_ICON0xd42d080x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.1702127659574468
                                                                                                                                                                                                      RT_ICON0xd431980x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1221311475409836
                                                                                                                                                                                                      RT_ICON0xd43b480x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.1494186046511628
                                                                                                                                                                                                      RT_ICON0xd442280x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.1702127659574468
                                                                                                                                                                                                      RT_ICON0xd446b80x988Device independent bitmap graphic, 24 x 48 x 32, image size 2400EnglishUnited States0.1959016393442623
                                                                                                                                                                                                      RT_ICON0xd450680x6b8Device independent bitmap graphic, 20 x 40 x 32, image size 1680EnglishUnited States0.23604651162790696
                                                                                                                                                                                                      RT_ICON0xd457480x468Device independent bitmap graphic, 16 x 32 x 32, image size 1088EnglishUnited States0.25975177304964536
                                                                                                                                                                                                      RT_ICON0xd45bd80xa48Device independent bitmap graphic, 26 x 48 x 32, image size 0EnglishUnited States0.04635258358662614
                                                                                                                                                                                                      RT_ICON0xd466480x708Device independent bitmap graphic, 21 x 40 x 32, image size 0EnglishUnited States0.06
                                                                                                                                                                                                      RT_ICON0xd46d780x4a8Device independent bitmap graphic, 17 x 32 x 32, image size 0EnglishUnited States0.07718120805369127
                                                                                                                                                                                                      RT_ICON0xd472480xa48Device independent bitmap graphic, 26 x 48 x 32, image size 0EnglishUnited States0.1344984802431611
                                                                                                                                                                                                      RT_ICON0xd47cb80x708Device independent bitmap graphic, 21 x 40 x 32, image size 0EnglishUnited States0.17722222222222223
                                                                                                                                                                                                      RT_ICON0xd483e80x4a8Device independent bitmap graphic, 17 x 32 x 32, image size 0EnglishUnited States0.21308724832214765
                                                                                                                                                                                                      RT_ICON0xd488b80xa48Device independent bitmap graphic, 26 x 48 x 32, image size 0EnglishUnited States0.16299392097264437
                                                                                                                                                                                                      RT_ICON0xd493280x708Device independent bitmap graphic, 21 x 40 x 32, image size 0EnglishUnited States0.20944444444444443
                                                                                                                                                                                                      RT_ICON0xd49a580x4a8Device independent bitmap graphic, 17 x 32 x 32, image size 0EnglishUnited States0.21476510067114093
                                                                                                                                                                                                      RT_ICON0xd49f280x10828Device independent bitmap graphic, 128 x 256 x 32, image size 65536EnglishUnited States0.4630160889624985
                                                                                                                                                                                                      RT_GROUP_ICON0xd5a8880x3edataEnglishUnited States0.8225806451612904
                                                                                                                                                                                                      RT_GROUP_ICON0xd5a8f00x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5a9480x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5a9a00x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5a9f80x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5aa500x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5aaa80x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ab000x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ab580x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5abb00x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ac080x30dataEnglishUnited States0.9375
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ac600x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5acb80x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ad100x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ad680x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5adc00x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ae180x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5ae700x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5aec80x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5af200x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5af780x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5afd00x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b0280x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b0800x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b0d80x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b1300x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b1880x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b1e00x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b2380x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b2900x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b2e80x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_GROUP_ICON0xd5b3400x30dataEnglishUnited States0.9583333333333334
                                                                                                                                                                                                      RT_MANIFEST0xd5b3b00x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                      Imports

                                                                                                                                                                                                      DLLImport
                                                                                                                                                                                                      KERNEL32.DLLGetModuleHandleA, GetProcAddress
                                                                                                                                                                                                      USER32.dllCloseClipboard
                                                                                                                                                                                                      GDI32.dllBitBlt
                                                                                                                                                                                                      ole32.dllCoCreateInstance
                                                                                                                                                                                                      SHELL32.dllSHEmptyRecycleBinW
                                                                                                                                                                                                      OLEAUT32.dllSysAllocString

                                                                                                                                                                                                      Possible Origin

                                                                                                                                                                                                      Language of compilation systemCountry where language is spokenMap
                                                                                                                                                                                                      EnglishUnited States

                                                                                                                                                                                                      Network Behavior

                                                                                                                                                                                                      Suricata IDS Alerts

                                                                                                                                                                                                      TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                                                                                                                      2024-12-18T15:07:55.695291+01002057257ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (respectabosiz .shop)1192.168.2.7593731.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:55.986130+01002057269ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (worddosofrm .shop)1192.168.2.7561571.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:56.207282+01002057267ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mutterissuen .shop)1192.168.2.7581731.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:56.430437+01002057265ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (standartedby .shop)1192.168.2.7531911.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:56.648865+01002057263ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (nightybinybz .shop)1192.168.2.7543381.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:56.877818+01002057259ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (conceszustyb .shop)1192.168.2.7565621.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:57.110441+01002057261ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bakedstusteeb .shop)1192.168.2.7511301.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:57.649988+01002057255ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (moutheventushz .shop)1192.168.2.7521221.1.1.153UDP
                                                                                                                                                                                                      2024-12-18T15:07:59.675990+01002028371ET JA3 Hash - Possible Malware - Fake Firefox Font Update3192.168.2.749713104.102.49.254443TCP
                                                                                                                                                                                                      2024-12-18T15:08:00.464093+01002858666ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup1192.168.2.749713104.102.49.254443TCP

                                                                                                                                                                                                      Network Port Distribution

                                                                                                                                                                                                      TCP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.182627916 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.182673931 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.182742119 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.188236952 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.188261032 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.675820112 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.675990105 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.678869963 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.678881884 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.679184914 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.730422020 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.772269011 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:07:59.815342903 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464144945 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464165926 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464205027 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464216948 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464225054 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464238882 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464251041 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464257956 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.464287043 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.648063898 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.648125887 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.648149014 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.648155928 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.648224115 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.650434017 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.650470972 CET44349713104.102.49.254192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.650490999 CET49713443192.168.2.7104.102.49.254
                                                                                                                                                                                                      Dec 18, 2024 15:08:00.650500059 CET44349713104.102.49.254192.168.2.7

                                                                                                                                                                                                      UDP Packets

                                                                                                                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                      Dec 18, 2024 15:07:55.695291042 CET5937353192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:55.982157946 CET53593731.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:55.986129999 CET5615753192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.203407049 CET53561571.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.207282066 CET5817353192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.428431988 CET53581731.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.430437088 CET5319153192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.645627022 CET53531911.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.648864985 CET5433853192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.870382071 CET53543381.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.877818108 CET5656253192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.108921051 CET53565621.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.110440969 CET5113053192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.400774956 CET53511301.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.649987936 CET5212253192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.870619059 CET53521221.1.1.1192.168.2.7
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.970858097 CET6052253192.168.2.71.1.1.1
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.108798027 CET53605221.1.1.1192.168.2.7

                                                                                                                                                                                                      DNS Queries

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                      Dec 18, 2024 15:07:55.695291042 CET192.168.2.71.1.1.10x37a6Standard query (0)respectabosiz.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:55.986129999 CET192.168.2.71.1.1.10x651aStandard query (0)worddosofrm.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.207282066 CET192.168.2.71.1.1.10x923cStandard query (0)mutterissuen.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.430437088 CET192.168.2.71.1.1.10xa895Standard query (0)standartedby.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.648864985 CET192.168.2.71.1.1.10x6009Standard query (0)nightybinybz.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.877818108 CET192.168.2.71.1.1.10x9716Standard query (0)conceszustyb.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.110440969 CET192.168.2.71.1.1.10x913Standard query (0)bakedstusteeb.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.649987936 CET192.168.2.71.1.1.10xe43aStandard query (0)moutheventushz.shopA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.970858097 CET192.168.2.71.1.1.10x55e5Standard query (0)steamcommunity.comA (IP address)IN (0x0001)false

                                                                                                                                                                                                      DNS Answers

                                                                                                                                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                      Dec 18, 2024 15:07:55.982157946 CET1.1.1.1192.168.2.70x37a6Name error (3)respectabosiz.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.203407049 CET1.1.1.1192.168.2.70x651aName error (3)worddosofrm.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.428431988 CET1.1.1.1192.168.2.70x923cName error (3)mutterissuen.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.645627022 CET1.1.1.1192.168.2.70xa895Name error (3)standartedby.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:56.870382071 CET1.1.1.1192.168.2.70x6009Name error (3)nightybinybz.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.108921051 CET1.1.1.1192.168.2.70x9716Name error (3)conceszustyb.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.400774956 CET1.1.1.1192.168.2.70x913Name error (3)bakedstusteeb.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:57.870619059 CET1.1.1.1192.168.2.70xe43aName error (3)moutheventushz.shopnonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                      Dec 18, 2024 15:07:58.108798027 CET1.1.1.1192.168.2.70x55e5No error (0)steamcommunity.com104.102.49.254A (IP address)IN (0x0001)false

                                                                                                                                                                                                      HTTP Request Dependency Graph

                                                                                                                                                                                                      • steamcommunity.com

                                                                                                                                                                                                      HTTPS Proxied Packets

                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                      0192.168.2.749713104.102.49.2544437708C:\Users\user\Desktop\f86nrrc6.exe
                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                      2024-12-18 14:07:59 UTC219OUTGET /profiles/76561199724331900 HTTP/1.1
                                                                                                                                                                                                      Connection: Keep-Alive
                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                                                                                                                                                                                                      Host: steamcommunity.com
                                                                                                                                                                                                      2024-12-18 14:08:00 UTC1905INHTTP/1.1 200 OK
                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                      Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.fastly.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.fastly.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq. [TRUNCATED]
                                                                                                                                                                                                      Expires: Mon, 26 Jul 1997 05:00:00 GMT
                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                      Date: Wed, 18 Dec 2024 14:08:00 GMT
                                                                                                                                                                                                      Content-Length: 25665
                                                                                                                                                                                                      Connection: close
                                                                                                                                                                                                      Set-Cookie: sessionid=fb63f22e2ee3a484412bc217; Path=/; Secure; SameSite=None
                                                                                                                                                                                                      Set-Cookie: steamCountry=US%7C185ce35c568ebbb18a145d0cabae7186; Path=/; Secure; HttpOnly; SameSite=None
                                                                                                                                                                                                      2024-12-18 14:08:00 UTC14479INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 20 72 65 73 70 6f 6e 73 69 76 65 22 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 0a 09 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 74 68 65 6d 65 2d 63 6f 6c 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 23 31 37 31 61 32 31 22 3e 0a 09 09 3c 74 69 74 6c 65 3e
                                                                                                                                                                                                      Data Ascii: <!DOCTYPE html><html class=" responsive" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><meta name="theme-color" content="#171a21"><title>
                                                                                                                                                                                                      2024-12-18 14:08:00 UTC11186INData Raw: 3f 6c 3d 6b 6f 72 65 61 6e 61 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 6b 6f 72 65 61 6e 61 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e ed 95 9c ea b5 ad ec 96 b4 20 28 4b 6f 72 65 61 6e 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 3c 61 20 63 6c 61 73 73 3d 22 70 6f 70 75 70 5f 6d 65 6e 75 5f 69 74 65 6d 20 74 69 67 68 74 22 20 68 72 65 66 3d 22 3f 6c 3d 74 68 61 69 22 20 6f 6e 63 6c 69 63 6b 3d 22 43 68 61 6e 67 65 4c 61 6e 67 75 61 67 65 28 20 27 74 68 61 69 27 20 29 3b 20 72 65 74 75 72 6e 20 66 61 6c 73 65 3b 22 3e e0 b9 84 e0 b8 97 e0 b8 a2 20 28 54 68 61 69 29 3c 2f 61 3e 0a 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09 09
                                                                                                                                                                                                      Data Ascii: ?l=koreana" onclick="ChangeLanguage( 'koreana' ); return false;"> (Korean)</a><a class="popup_menu_item tight" href="?l=thai" onclick="ChangeLanguage( 'thai' ); return false;"> (Thai)</a>


                                                                                                                                                                                                      Statistics

                                                                                                                                                                                                      CPU Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      Memory Usage

                                                                                                                                                                                                      Click to jump to process

                                                                                                                                                                                                      High Level Behavior Distribution

                                                                                                                                                                                                      Click to dive into process behavior distribution

                                                                                                                                                                                                      System Behavior

                                                                                                                                                                                                      General

                                                                                                                                                                                                      Target ID:4
                                                                                                                                                                                                      Start time:09:07:43
                                                                                                                                                                                                      Start date:18/12/2024
                                                                                                                                                                                                      Path:C:\Users\user\Desktop\f86nrrc6.exe
                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                      Commandline:"C:\Users\user\Desktop\f86nrrc6.exe"
                                                                                                                                                                                                      Imagebase:0x400000
                                                                                                                                                                                                      File size:7'238'808 bytes
                                                                                                                                                                                                      MD5 hash:F2A50F1B081EA3CD4821195676ADACF1
                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                      Reputation:low
                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                      Disassembly

                                                                                                                                                                                                      Reset < >

                                                                                                                                                                                                        Execution Graph

                                                                                                                                                                                                        Execution Coverage:3.4%
                                                                                                                                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                        Signature Coverage:72.2%
                                                                                                                                                                                                        Total number of Nodes:169
                                                                                                                                                                                                        Total number of Limit Nodes:9
                                                                                                                                                                                                        execution_graph 6528 40d400 6532 40d406 6528->6532 6529 40d478 6530 40d473 6535 43b530 6530->6535 6532->6529 6532->6530 6534 40fb90 FreeLibrary 6532->6534 6534->6530 6538 43cc90 6535->6538 6537 43b535 FreeLibrary 6537->6529 6539 43cc99 6538->6539 6539->6537 6707 414763 6709 414780 6707->6709 6708 41216c 6709->6708 6710 41dad0 LdrInitializeThunk 6709->6710 6710->6708 6722 438580 6723 43864e 6722->6723 6724 438591 6722->6724 6724->6723 6726 43b600 LdrInitializeThunk 6724->6726 6726->6723 6590 411204 6591 411230 6590->6591 6596 421a80 6591->6596 6593 411322 6608 423dd0 6593->6608 6597 421ae0 6596->6597 6597->6597 6619 43f260 6597->6619 6599 421c71 6600 421e3b 6599->6600 6602 421de7 6599->6602 6603 421df8 6599->6603 6604 421c80 6599->6604 6623 41fdf0 6600->6623 6602->6603 6632 41dad0 6602->6632 6603->6593 6604->6604 6605 43f260 LdrInitializeThunk 6604->6605 6605->6602 6607 422268 6609 424003 6608->6609 6610 411382 6608->6610 6612 423df6 6608->6612 6618 424022 6608->6618 6646 43fcc0 6609->6646 6612->6609 6612->6610 6612->6612 6612->6618 6642 43f880 6612->6642 6614 43f880 LdrInitializeThunk 6614->6618 6617 43b600 LdrInitializeThunk 6617->6618 6618->6610 6618->6614 6618->6617 6652 43f9d0 6618->6652 6658 440330 6618->6658 6620 43f280 6619->6620 6621 43f3ce 6620->6621 6638 43b600 LdrInitializeThunk 6620->6638 6621->6599 6624 43f0b0 LdrInitializeThunk 6623->6624 6626 41fe30 6624->6626 6625 420692 6625->6602 6626->6625 6630 41ff25 6626->6630 6639 43b600 LdrInitializeThunk 6626->6639 6628 4205cd 6628->6625 6641 43b600 LdrInitializeThunk 6628->6641 6630->6628 6640 43b600 LdrInitializeThunk 6630->6640 6633 41dae0 6632->6633 6634 43f260 LdrInitializeThunk 6633->6634 6636 41db39 6634->6636 6635 41db59 6635->6607 6636->6635 6637 41fdf0 LdrInitializeThunk 6636->6637 6637->6635 6638->6621 6639->6626 6640->6630 6641->6628 6644 43f8a0 6642->6644 6643 43f99e 6643->6612 6644->6643 6664 43b600 LdrInitializeThunk 6644->6664 6647 43fcf0 6646->6647 6649 43fd5e 6647->6649 6665 43b600 LdrInitializeThunk 6647->6665 6651 43fe3e 6649->6651 6666 43b600 LdrInitializeThunk 6649->6666 6651->6618 6653 43fa00 6652->6653 6655 43fa6e 6653->6655 6667 43b600 LdrInitializeThunk 6653->6667 6657 43fb7e 6655->6657 6668 43b600 LdrInitializeThunk 6655->6668 6657->6618 6659 44033f 6658->6659 6661 44041e 6659->6661 6669 43b600 LdrInitializeThunk 6659->6669 6663 44058f 6661->6663 6670 43b600 LdrInitializeThunk 6661->6670 6663->6618 6664->6643 6665->6649 6666->6651 6667->6655 6668->6657 6669->6661 6670->6663 6711 413d2b 6713 413d50 6711->6713 6714 41216c 6713->6714 6715 417340 6713->6715 6716 417353 6715->6716 6717 43f0b0 LdrInitializeThunk 6716->6717 6718 4174ed 6717->6718 6540 4113ce 6545 424c70 6540->6545 6542 4113d4 6557 4266f0 6542->6557 6562 424c90 6545->6562 6547 424c84 6547->6542 6548 424c79 6548->6547 6549 436350 LdrInitializeThunk 6548->6549 6554 4255d9 6549->6554 6550 425609 6550->6542 6551 43f0b0 LdrInitializeThunk 6551->6554 6552 43f420 LdrInitializeThunk 6552->6554 6553 43f510 LdrInitializeThunk 6553->6554 6554->6550 6554->6551 6554->6552 6554->6553 6555 425a9f 6554->6555 6556 43b600 LdrInitializeThunk 6555->6556 6556->6550 6558 426740 6557->6558 6558->6558 6574 43f0b0 6558->6574 6560 426b6a 6578 43f420 6560->6578 6563 424cf0 6562->6563 6563->6563 6566 438330 6563->6566 6565 424d14 6567 438360 6566->6567 6569 4383be 6567->6569 6572 43b600 LdrInitializeThunk 6567->6572 6570 4384ae 6569->6570 6573 43b600 LdrInitializeThunk 6569->6573 6570->6565 6572->6569 6573->6570 6575 43f0d0 6574->6575 6576 43f20e 6575->6576 6582 43b600 LdrInitializeThunk 6575->6582 6576->6560 6579 43f450 6578->6579 6579->6579 6580 43f4be 6579->6580 6583 43b600 LdrInitializeThunk 6579->6583 6580->6560 6582->6576 6583->6580 6719 416bd0 6720 438330 LdrInitializeThunk 6719->6720 6721 416bf8 6720->6721 6740 411db0 6741 411dd0 6740->6741 6743 411e36 6741->6743 6746 43b600 LdrInitializeThunk 6741->6746 6745 411f42 6743->6745 6747 43b600 LdrInitializeThunk 6743->6747 6746->6743 6747->6745 6694 43eed0 6695 43eef0 6694->6695 6695->6695 6696 43f04e 6695->6696 6698 43b600 LdrInitializeThunk 6695->6698 6698->6696 6699 43f6d0 6700 43f700 6699->6700 6703 43f76f 6700->6703 6705 43b600 LdrInitializeThunk 6700->6705 6702 43f83e 6703->6702 6706 43b600 LdrInitializeThunk 6703->6706 6705->6703 6706->6702 6584 411454 6587 430a30 6584->6587 6588 430a5e GetSystemMetrics GetSystemMetrics 6587->6588 6589 430aa1 6588->6589 6671 410c37 6674 4358f0 6671->6674 6673 410c41 6676 435960 CoCreateInstance 6674->6676 6677 435a3a SysAllocString 6676->6677 6686 435f82 6676->6686 6679 435acd 6677->6679 6680 435ad9 CoSetProxyBlanket 6679->6680 6681 435f6e SysFreeString 6679->6681 6682 435f64 6680->6682 6683 435af9 SysAllocString 6680->6683 6681->6686 6682->6681 6685 435be0 6683->6685 6685->6685 6687 435c0e SysAllocString 6685->6687 6686->6673 6689 435c39 6687->6689 6688 435f4e SysFreeString SysFreeString 6688->6682 6689->6688 6690 435f44 6689->6690 6691 435c84 VariantInit 6689->6691 6690->6688 6693 435ce0 6691->6693 6692 435f2c VariantClear 6692->6690 6693->6692 6727 41139a 6732 4247c0 6727->6732 6729 4113a0 6730 4247c0 LdrInitializeThunk 6729->6730 6731 4113b6 6730->6731 6733 4247e0 6732->6733 6735 42482e 6733->6735 6738 43b600 LdrInitializeThunk 6733->6738 6737 424948 6735->6737 6739 43b600 LdrInitializeThunk 6735->6739 6737->6729 6738->6735 6739->6737

                                                                                                                                                                                                        Executed Functions

                                                                                                                                                                                                        Function 0040F560 Relevance: 7.9, Strings: 6, Instructions: 407COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 12 40f560-40f5e5 13 40f5f0-40f5f8 12->13 13->13 14 40f5fa-40f626 13->14 16 40f630 14->16 17 40f8e1-40f8e5 14->17 18 40f993-40f99c 14->18 19 40f9a3-40f9a9 14->19 20 40f636-40f638 14->20 21 40f986-40f98e 14->21 22 40f8ea-40f97f call 40cbe0 14->22 23 40f9ab-40f9b4 14->23 24 40f63d-40f85a 14->24 16->20 41 40fb61-40fb6d 17->41 18->19 18->23 25 40fac0-40fae7 18->25 26 40fb80 18->26 27 40fb82-40fb89 18->27 28 40fb43 18->28 29 40fb46 18->29 30 40fa8e-40faa8 18->30 31 40faee 18->31 32 40fa4f-40fa5a 18->32 33 40faaf-40fabe 18->33 34 40fb35-40fb3c 18->34 35 40fb16-40fb2e call 43b550 18->35 36 40fa5f-40fa87 18->36 37 40f9db-40f9ff 19->37 39 40fb70-40fb76 20->39 43 40fb58 21->43 22->18 22->19 22->21 22->23 22->25 22->26 22->27 22->28 22->29 22->30 22->31 22->32 22->33 22->34 22->35 22->36 38 40f9c0-40f9d4 23->38 40 40f860-40f8c3 24->40 25->26 25->27 25->28 25->31 28->29 46 40fb4f 29->46 30->25 30->26 30->27 30->28 30->29 30->31 30->33 30->34 30->35 47 40faf0-40faf4 31->47 32->46 33->47 34->26 34->27 34->28 34->31 35->25 35->26 35->27 35->28 35->31 35->34 36->25 36->26 36->27 36->28 36->29 36->30 36->31 36->33 36->34 36->35 45 40fa00-40fa2d 37->45 38->38 44 40f9d6-40f9d9 38->44 39->26 40->40 48 40f8c5-40f8d0 40->48 41->39 51 40fb5f 43->51 44->37 45->45 53 40fa2f-40fa48 45->53 46->43 57 40fafd-40fb0f 47->57 58 40f8d3-40f8da 48->58 51->41 53->25 53->26 53->27 53->28 53->29 53->30 53->31 53->32 53->33 53->34 53->35 53->36 57->25 57->26 57->27 57->28 57->31 57->34 57->35 58->17 58->18 58->19 58->21 58->22 58->23 58->25 58->26 58->27 58->28 58->29 58->30 58->31 58->32 58->33 58->34 58->35 58->36
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: -e0c$9i7g$a-e+$c)t'$k%h#$}#{
                                                                                                                                                                                                        • API String ID: 0-851799077
                                                                                                                                                                                                        • Opcode ID: 84cfe9b165b5e4fde25793dd99f8b2c2bcb65518d7b2ab87b041a3917b3d91ee
                                                                                                                                                                                                        • Instruction ID: 226b39ae0588f89a9092dc77e17c664bc41f618938104ad4f5360f269260c37c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 84cfe9b165b5e4fde25793dd99f8b2c2bcb65518d7b2ab87b041a3917b3d91ee
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 79F165B6600B01DFE3208F26D891797BBF5FF85314F148A2DD5EA8BA90DB74A4058F84
                                                                                                                                                                                                        Function 0043B600 Relevance: 1.5, APIs: 1, Instructions: 14libraryCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 87 43b600-43b632 LdrInitializeThunk
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • LdrInitializeThunk.NTDLL(0043F3F2,005C003F,00000002,00000018,?), ref: 0043B62E
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: ad932b2b00559e9cb24108de1499e2b8809661d28f6ef4b94d1e3dfa2d030c47
                                                                                                                                                                                                        • Instruction ID: 88b266f08c8d8dc656098dc4a5309144cffe720ba9f358246b073a6e310c2786
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ad932b2b00559e9cb24108de1499e2b8809661d28f6ef4b94d1e3dfa2d030c47
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 47E0FE75908316AB9A09CF45C14444EFBE5BFC4714F11CC8DA4D867210D3B0AD46DF82
                                                                                                                                                                                                        Function 0040FF28 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 112 40ff28-40ff4f 113 40ff50-40ff81 112->113 113->113 114 40ff83-40ffb6 113->114 115 40ffc0-410008 114->115 115->115 116 41000a-41001c 115->116 117 410024-410039 116->117
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: LO
                                                                                                                                                                                                        • API String ID: 0-4218834679
                                                                                                                                                                                                        • Opcode ID: 75a8acb2736b9bbca07126e771eacac5bc987dee8e051a9f25db1d155e375cd3
                                                                                                                                                                                                        • Instruction ID: 316a0c713d8ec889d0f2383d5a3762abcadb3709da7811cf17198a4df97889c8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 75a8acb2736b9bbca07126e771eacac5bc987dee8e051a9f25db1d155e375cd3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B3210572A483505FC324CF28CCC131BBAE1ABD6218F159A3DF5E5D77D5D67988008786

                                                                                                                                                                                                        Non-executed Functions

                                                                                                                                                                                                        Function 0041FDF0 Relevance: 30.6, Strings: 24, Instructions: 601COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 161 41fdf0-41fe35 call 43f0b0 164 4206eb-4206fb 161->164 165 41fe3b-41fea4 call 416fd0 call 438130 161->165 170 41fea9-41feb7 165->170 170->170 171 41feb9 170->171 172 41febb-41febe 171->172 173 41fec0-41ff0d 172->173 174 41ff0f-41ff16 172->174 173->172 175 41ff18-41ff23 174->175 176 41ff25 175->176 177 41ff2a-41ff41 175->177 178 41ffe4-41ffe7 176->178 179 41ff43-41ffd1 177->179 180 41ff48-41ff53 177->180 184 41ffe9 178->184 185 41ffeb-41fff0 178->185 182 41ffd3-41ffd8 179->182 180->182 183 41ff55-41ffcf call 43b600 180->183 187 41ffda 182->187 188 41ffdc-41ffdf 182->188 183->182 184->185 189 4205d1-420616 call 438230 185->189 190 41fff6-420006 185->190 187->178 188->175 197 42061b-420629 189->197 193 420008-42002d 190->193 195 420222-420225 193->195 196 420033-420052 193->196 198 420227-42022b 195->198 199 42022d-420245 call 438130 195->199 200 420057-420062 196->200 197->197 201 42062b 197->201 202 42025d-42025f 198->202 223 420247-42025b 199->223 224 420249-420254 199->224 200->200 204 420064-420068 200->204 208 42062d-420630 201->208 206 4205a2-4205ad 202->206 207 420265-420284 202->207 205 42006a-42006d 204->205 212 4200a9-4200cb call 420700 205->212 213 42006f-4200a7 205->213 210 4205b1-4205b9 206->210 211 4205af-4205bf 206->211 214 420289-420294 207->214 215 420632-42067f 208->215 216 420681-420688 208->216 219 4205c1 210->219 211->219 212->195 234 4200d1-420110 212->234 213->205 214->214 221 420296-4202a5 214->221 215->208 222 42068a-420690 216->222 228 4205c3-4205c7 219->228 230 4202a7-4202aa 221->230 225 420692 222->225 226 420694-4206a8 222->226 223->202 224->228 225->164 231 4206aa 226->231 232 4206ac-4206b2 226->232 228->193 233 4205cd-4205cf 228->233 235 4202b0-420331 230->235 236 420336-420377 230->236 237 4206db-4206de 231->237 238 4206b6-4206d6 call 43b600 232->238 239 4206b4 232->239 233->189 241 420115-420123 234->241 235->230 242 42037c-42038a 236->242 245 4206e0-4206e2 237->245 246 4206e4-4206e9 237->246 238->237 239->237 241->241 244 420125 241->244 242->242 247 42038c-42038e 242->247 248 420127-42012a 244->248 245->164 246->222 249 420392-420395 247->249 250 420155-42017c call 420700 248->250 251 42012c-420153 248->251 252 4203e6-4203ed 249->252 253 420397-4203e4 249->253 262 420183-42019a 250->262 263 42017e 250->263 251->248 255 4203ef-4203fa 252->255 253->249 257 420401-420418 255->257 258 4203fc 255->258 260 42041a-4204b9 257->260 261 42041f-42042a 257->261 259 4204cc-4204d3 258->259 267 4204d7-4204f6 259->267 268 4204d5 259->268 266 4204bb-4204c0 260->266 265 420430-4204b7 call 43b600 261->265 261->266 269 42019e-420220 call 40cc80 call 416c00 call 40cc90 262->269 270 42019c 262->270 263->195 265->266 273 4204c2 266->273 274 4204c4-4204c7 266->274 275 4204fb-420506 267->275 268->267 269->195 270->269 273->259 274->255 275->275 278 420508 275->278 280 42050a-42050d 278->280 281 42050f-42053a 280->281 282 42053c-420549 280->282 281->280 284 42057b-42057e 282->284 285 42054b-42054f 282->285 288 420580-42058d call 438230 284->288 289 42058f-420591 284->289 286 420551-420558 285->286 290 42055a-420566 286->290 291 420568-42056f 286->291 294 420593-420596 288->294 289->294 290->286 295 420571 291->295 296 420577-420579 291->296 294->206 299 420598-4205a0 294->299 295->296 296->284 299->228
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: !$!@$$$%$6$9$<$<$=$?$Y$Z$[$j$l$x$x$x$z$z$z${${${
                                                                                                                                                                                                        • API String ID: 2994545307-1571756884
                                                                                                                                                                                                        • Opcode ID: f1730ef8e42b2ada35d312604c8886e85bc1cc06c032119ea885c8af143ca059
                                                                                                                                                                                                        • Instruction ID: f91c82cc5f90e8b89dfc4b824f758c3499413eda674ffe0f2f419b91f75692ba
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f1730ef8e42b2ada35d312604c8886e85bc1cc06c032119ea885c8af143ca059
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7B32E27160C3908FD324CB28D4543AFBBE1ABC5314F58896ED5DA87382D7BD88468B57
                                                                                                                                                                                                        Function 004358F0 Relevance: 30.3, APIs: 10, Strings: 7, Instructions: 569memorycomCOMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 300 4358f0-435956 301 435960-4359bf 300->301 301->301 302 4359c1-4359dc 301->302 304 4359e6-435a34 CoCreateInstance 302->304 305 4359de 302->305 306 435f82-435faf call 43e6d0 304->306 307 435a3a-435a7f 304->307 305->304 314 436063-43606a 306->314 315 435fb5-435fbf 306->315 309 435a80-435a9e 307->309 309->309 311 435aa0-435ad3 SysAllocString 309->311 316 435ad9-435af3 CoSetProxyBlanket 311->316 317 435f6e-435f7e SysFreeString 311->317 318 435fdd-435fe4 315->318 319 435f64-435f6a 316->319 320 435af9-435b19 316->320 317->306 322 435fe6-435fed 318->322 323 435ffd-43603d call 41d220 318->323 319->317 321 435b20-435b60 320->321 321->321 324 435b62-435bde SysAllocString 321->324 322->323 325 435fef-435ffb 322->325 330 436040-436048 323->330 327 435be0-435c0c 324->327 325->323 327->327 329 435c0e-435c42 SysAllocString 327->329 336 435c48-435c6a 329->336 337 435f4e-435f60 SysFreeString * 2 329->337 330->330 331 43604a-43604c 330->331 332 435fd0-435fd7 331->332 333 43604e-43605e call 40ce10 331->333 332->314 332->318 333->332 340 435c70-435c73 336->340 341 435f44-435f4a 336->341 337->319 340->341 342 435c79-435c7e 340->342 341->337 342->341 343 435c84-435cdf VariantInit 342->343 344 435ce0-435d06 343->344 344->344 345 435d08-435d23 344->345 347 435d29-435d32 345->347 348 435f2c-435f40 VariantClear 345->348 347->348 349 435d38-435d45 347->349 348->341 350 435d47-435d4e 349->350 351 435d7d-435d7f 349->351 352 435d5c-435d60 350->352 353 435d81-435dab call 40cc80 351->353 354 435d62-435d6b 352->354 355 435d50 352->355 362 435db1-435dbf 353->362 363 435ede-435ef3 353->363 358 435d72-435d76 354->358 359 435d6d-435d70 354->359 357 435d51-435d5a 355->357 357->352 357->353 358->357 361 435d78-435d7b 358->361 359->357 361->357 362->363 366 435dc5-435dc9 362->366 364 435ef5 363->364 365 435efa-435f02 363->365 364->365 368 435f04 365->368 369 435f09-435f29 call 40ccb0 call 40cc90 365->369 367 435dd0-435dda 366->367 370 435df0-435df6 367->370 371 435ddc-435de1 367->371 368->369 369->348 374 435e15-435e27 370->374 375 435df8-435dfb 370->375 373 435e80-435e84 371->373 381 435e86-435e8e 373->381 378 435e9a-435ea3 374->378 379 435e29-435e2c 374->379 375->374 377 435dfd-435e13 375->377 377->373 378->381 385 435ea5-435ea8 378->385 379->378 382 435e2e-435e7f 379->382 381->363 384 435e90-435e92 381->384 382->373 384->367 386 435e98 384->386 387 435eda-435edc 385->387 388 435eaa-435ed8 385->388 386->363 387->373 388->373
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        • CoCreateInstance.COMBASE(00442AB8,00000000,00000001,00442AA8,00000000), ref: 00435A29
                                                                                                                                                                                                        • SysAllocString.OLEAUT32(v'w!), ref: 00435AA5
                                                                                                                                                                                                        • CoSetProxyBlanket.COMBASE(00000000,0000000A,00000000,00000000,00000003,00000003,00000000,00000000), ref: 00435AEB
                                                                                                                                                                                                        • SysAllocString.OLEAUT32(69DD6BDD), ref: 00435B67
                                                                                                                                                                                                        • SysAllocString.OLEAUT32(89518B21), ref: 00435C13
                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 00435C8C
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: AllocString$BlanketCreateInitInstanceProxyVariant
                                                                                                                                                                                                        • String ID: 03$C$\$c;m5$v'w!$|{$SQ
                                                                                                                                                                                                        • API String ID: 65563702-3459701557
                                                                                                                                                                                                        • Opcode ID: 5bf96e1d7beacc51bfd3f438cef484d64abb11964b03966416c9bd0aff63df05
                                                                                                                                                                                                        • Instruction ID: 8ee38e81a9ebfbdc9a92cdf509a7b5b91bc458359a7dce3f43b3968cf6a0eaab
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5bf96e1d7beacc51bfd3f438cef484d64abb11964b03966416c9bd0aff63df05
                                                                                                                                                                                                        • Instruction Fuzzy Hash: B4125371A087008FE724CF24C88676BBBE5EF89714F14892EF9959B390D778D905CB86
                                                                                                                                                                                                        Function 00421A80 Relevance: 11.8, Strings: 9, Instructions: 544COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 419 421a80-421adf 420 421ae0-421b01 419->420 420->420 421 421b03-421b46 420->421 423 421b48-421b4d 421->423 424 421b4f 421->424 425 421b52-421b74 call 40cc80 423->425 424->425 429 421b76 425->429 430 421b7d-421bb3 call 40cc80 425->430 429->430 433 421bc0-421bfe 430->433 433->433 434 421c00-421c0b 433->434 435 421c31-421c3d 434->435 436 421c0d-421c12 434->436 438 421c61-421c79 call 43f260 435->438 439 421c3f-421c43 435->439 437 421c20-421c2f 436->437 437->435 437->437 443 421c90-421c99 438->443 444 421c80-421c87 438->444 445 421e10-421e16 call 40cc90 438->445 446 421f46-421f6f 438->446 447 421e0a 438->447 448 421e3b-421ef2 438->448 449 421df8-421e02 438->449 440 421c50-421c5f 439->440 440->438 440->440 451 421ca2 443->451 452 421c9b-421ca0 443->452 444->443 464 421e1f 445->464 454 421f70-421f82 446->454 450 421f00-421f24 448->450 449->447 450->450 455 421f26-421f3e call 41fdf0 450->455 456 421ca9-421d59 call 40cc80 451->456 452->456 454->454 458 421f84-42201b 454->458 455->446 466 421d60-421d72 456->466 461 422020-422044 458->461 461->461 465 422046-42206b call 41f9c0 461->465 469 421e25-421e2b call 40cc90 464->469 475 422075 465->475 466->466 468 421d74-421d7c 466->468 471 421da1-421dad 468->471 472 421d7e-421d85 468->472 479 421e2e-421e3a 469->479 477 421dd1-421df1 call 43f260 471->477 478 421daf-421db3 471->478 476 421d90-421d9f 472->476 481 42207b-422081 call 40cc90 475->481 476->471 476->476 477->445 477->446 477->447 477->449 477->464 477->469 477->475 477->479 477->481 487 4221c2-4221d9 477->487 488 422190-4221ba 477->488 489 42215e-422186 477->489 480 421dc0-421dcf 478->480 480->477 480->480 481->489 491 4221e2 487->491 492 4221db-4221e0 487->492 488->487 489->488 493 4221e5-422237 call 40cc80 491->493 492->493 497 422240-422254 493->497 497->497 498 422256-422268 call 41dad0 497->498
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ] @$^gPa$q"B$tw$uz$v~${=$sXu$wvy
                                                                                                                                                                                                        • API String ID: 0-1187496957
                                                                                                                                                                                                        • Opcode ID: 79bf658a7d63fd16e88e9095b464f4e6e5c0b4600c436059d468af76157c99e3
                                                                                                                                                                                                        • Instruction ID: 11580da93081b44debf38894fec1cf3a1aeec49c2061deccd092facb7d853063
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79bf658a7d63fd16e88e9095b464f4e6e5c0b4600c436059d468af76157c99e3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DF02CBB45083509FE3109F25D84072BBBF0EF96758F04892DF9999B391E77889098B9B
                                                                                                                                                                                                        Function 00423DD0 Relevance: 10.5, Strings: 8, Instructions: 483COMMON
                                                                                                                                                                                                        Download Yara Rule

                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                        control_flow_graph 501 423dd0-423def 502 424003-42402a call 43fcc0 501->502 503 424040 501->503 504 4240e0 501->504 505 424046-42405a 501->505 506 423e47-423fab 501->506 507 4240eb-424108 501->507 508 424070-4240bc call 43b550 501->508 509 4240d0 501->509 510 424031 501->510 511 424191-42419c 501->511 512 4241d1 501->512 513 423df6-423e00 501->513 514 4240da-4240df 501->514 502->504 502->507 502->508 502->509 502->510 502->511 502->512 502->514 529 424383-4243a5 call 440330 502->529 530 4241e0-4241fe call 43f880 502->530 531 424205 502->531 532 4243ae-4243ba 502->532 533 4243ac 502->533 534 424210-424214 502->534 535 4242d0-42431f 502->535 536 42421e-42426f 502->536 504->507 505->508 505->513 516 423e40 505->516 517 423e30-423e39 505->517 522 423fb0-423fe0 506->522 519 424110-424136 507->519 508->504 508->507 508->509 508->511 508->512 508->514 508->529 508->530 508->531 508->532 508->533 508->534 508->535 508->536 537 424180-42418a 508->537 538 42447a-42448d call 40cc90 508->538 509->514 510->503 520 4241a3-4241ca call 40cc80 call 43f9d0 511->520 521 42419e 511->521 513->513 513->516 513->517 514->504 516->506 517->513 517->516 519->519 524 424138-424140 519->524 520->512 520->529 520->530 520->531 520->532 520->533 520->534 520->535 520->536 520->537 520->538 552 424500 520->552 553 424508-424517 520->553 521->520 522->522 523 423fe2-423ffc call 43f880 522->523 523->502 523->503 523->504 523->505 523->507 523->508 523->509 523->510 523->511 523->512 523->514 523->529 523->530 523->531 523->532 523->533 523->534 523->535 523->536 539 4244d0-4244ef call 43ee80 524->539 540 424146-424152 524->540 529->532 529->533 529->537 529->538 529->552 529->553 530->529 530->531 530->532 530->533 530->534 530->535 530->536 530->537 530->538 530->552 530->553 549 4243d1-4243f3 532->549 550 4243bc 532->550 533->532 534->536 546 424320-42437b 535->546 545 424270-4242cc 536->545 537->504 537->507 537->509 537->511 537->512 537->514 537->529 537->530 537->531 537->532 537->533 537->534 537->535 537->536 537->537 537->538 537->552 537->553 538->504 538->507 538->509 538->511 538->512 538->514 538->529 538->530 538->531 538->532 538->533 538->534 538->535 538->536 538->537 538->552 538->553 566 424494-4244a6 call 43b600 538->566 539->552 539->553 551 424160-424167 540->551 545->545 557 4242ce-4242cf 545->557 546->546 558 42437d 546->558 562 424400-424426 549->562 561 4243c0-4243cf 550->561 563 4244b0-4244b6 551->563 564 42416d-424170 551->564 552->553 553->512 553->529 553->530 553->531 553->532 553->533 553->534 553->535 553->536 553->537 553->538 553->552 553->553 557->535 558->529 561->549 561->561 562->562 568 424428-424434 562->568 563->539 567 4244b8-4244ca call 43b600 563->567 564->551 569 424172 564->569 566->563 567->539 572 424470 568->572 573 424436-424442 568->573 569->539 572->538 576 424450-424457 573->576 577 424460-424466 576->577 578 424459-42445c 576->578 577->566 580 424468 577->580 578->576 579 42445e 578->579 579->572 580->572
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: !Y)[$(],_$5M0O$7E9G$9Q>S$a%a'$}z{x$}z{x
                                                                                                                                                                                                        • API String ID: 0-3640916644
                                                                                                                                                                                                        • Opcode ID: 30bba2fa2acc5fceffbfaa08989d6f522ab6edea711b466a4607af9699cfd743
                                                                                                                                                                                                        • Instruction ID: 8038b8fc89dd961067976e9b5db2b0514576f957f4e335a3c0ff1a04589f3cd3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30bba2fa2acc5fceffbfaa08989d6f522ab6edea711b466a4607af9699cfd743
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75F1E0B9608350DFE3148F25E88176BBBE2FBC6308F55992DE5C48B351D7789806CB46
                                                                                                                                                                                                        Function 00424C70 Relevance: 9.3, Strings: 7, Instructions: 501COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 01$F}w$RZB$XZB$ps$xZB$}z{x
                                                                                                                                                                                                        • API String ID: 0-2234522390
                                                                                                                                                                                                        • Opcode ID: a5cb76377ed156033a2c522bb097e029bf772fc509a0d4ef35cfdb2f120a98f9
                                                                                                                                                                                                        • Instruction ID: 7c75d544a8c29c11e0f6f274e536c446b85ab27432b89beb213d306bd112cb90
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5cb76377ed156033a2c522bb097e029bf772fc509a0d4ef35cfdb2f120a98f9
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EBF145B1A183508FD3208F65E88576BBBE1FBC6318F498A2DE4D49B351D7788805CB97
                                                                                                                                                                                                        Function 0040DA20 Relevance: 6.7, Strings: 5, Instructions: 425COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: .%$5731$<$N$zc
                                                                                                                                                                                                        • API String ID: 0-3590630948
                                                                                                                                                                                                        • Opcode ID: a339d7b774e9fb67e5e5ceacdd65e5825fb1bb6493b799b352ca91620ab2bc0e
                                                                                                                                                                                                        • Instruction ID: d361d60cf2ed4bacefb7b3db2f78a2fd6364d4ce0cb720ae1548083b2f500561
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a339d7b774e9fb67e5e5ceacdd65e5825fb1bb6493b799b352ca91620ab2bc0e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C3B1E47050C3908FD325CF2984A076BBFE1AF97344F1848ADE5D55B392D77A880ACB96
                                                                                                                                                                                                        Function 0040DE80 Relevance: 5.5, Strings: 4, Instructions: 466COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: $$$DX^3$PQ
                                                                                                                                                                                                        • API String ID: 0-2772110733
                                                                                                                                                                                                        • Opcode ID: 01d37171dfab4892303aaebfc74d19aa23d273df8484aae21f9065edfaa61c62
                                                                                                                                                                                                        • Instruction ID: 9a7bbf91fe650ef5fdbc314e9f1c13212ee9d96e8c444d51ecb61092464050ec
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 01d37171dfab4892303aaebfc74d19aa23d273df8484aae21f9065edfaa61c62
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E0E1F1716187808BD3248F35C89176BBBE1AFD6318F188A2DE5E1873A2D738D409CB46
                                                                                                                                                                                                        Function 00408960 Relevance: 4.1, Strings: 3, Instructions: 391COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: )$)$IEND
                                                                                                                                                                                                        • API String ID: 0-588110143
                                                                                                                                                                                                        • Opcode ID: a5a3db8aab89d723de9191d6d5f3303008b0f0880391b782738ea7ae35a10764
                                                                                                                                                                                                        • Instruction ID: 3fe9b987952ccde178efa9f1f1c00db419640494b095269c1b53dd01ec44560a
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a5a3db8aab89d723de9191d6d5f3303008b0f0880391b782738ea7ae35a10764
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E9E1B071A087019FE310DF28C88571ABBE0BB94314F14463EE999A73D1DB79E915CBCA
                                                                                                                                                                                                        Function 0040F0B0 Relevance: 4.1, Strings: 3, Instructions: 367COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ()$0$2
                                                                                                                                                                                                        • API String ID: 0-2766669394
                                                                                                                                                                                                        • Opcode ID: 8693eff9a9b60096192bb9ab72382483b898d45a07cee045bb13913a89f04554
                                                                                                                                                                                                        • Instruction ID: 866e2b648f7bcc383e22ba6bbda90a5c047cd05d48a8e8d2e44f1a1a3b7545c2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8693eff9a9b60096192bb9ab72382483b898d45a07cee045bb13913a89f04554
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1CC1D47050C3805BD324CF29D45036BBBE2ABD2358F18897DE4D59B792D779884ACB86
                                                                                                                                                                                                        Function 00430A30 Relevance: 3.2, APIs: 2, Instructions: 155COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        APIs
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: MetricsSystem
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 4116985748-0
                                                                                                                                                                                                        • Opcode ID: 848ca4ac9c7c9123e47ac06bf2781841a63368e1a9ee2891494c07c3ac6088da
                                                                                                                                                                                                        • Instruction ID: fbbce7ad633b07f750d1d39319c3832ca9b6930809a03d8f12be590156538362
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 848ca4ac9c7c9123e47ac06bf2781841a63368e1a9ee2891494c07c3ac6088da
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77A14CB040D3818BE370DF54C58879BBAE0BB85308F508D2EE5994B350DBB9594ACF97
                                                                                                                                                                                                        Function 0043E5E0 Relevance: 3.1, Strings: 2, Instructions: 649COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 2C$RC
                                                                                                                                                                                                        • API String ID: 0-1391150340
                                                                                                                                                                                                        • Opcode ID: fc5ff4035ef74794b7028ebda16b818d7be87af367fc3d0af348e6a1eedd5825
                                                                                                                                                                                                        • Instruction ID: 902639593efb1adc729ef976fb9a09d130562e765ab59f5f1a123f29baa4bf43
                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc5ff4035ef74794b7028ebda16b818d7be87af367fc3d0af348e6a1eedd5825
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9922FF35B49251CFCB08CF68E8D06ABB7E2EF8A314F19997DD48587392D634AD41CB84
                                                                                                                                                                                                        Function 004039B0 Relevance: 2.9, Strings: 2, Instructions: 404COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: Inf$NaN
                                                                                                                                                                                                        • API String ID: 0-3500518849
                                                                                                                                                                                                        • Opcode ID: b2d6dbe4a8ed3ba7c3c3ece30ad588f21e603247d60f78f7ed55546bfa18716e
                                                                                                                                                                                                        • Instruction ID: 9d20fe0f1689027ec302827207c54d9aa33afb8cf0750e27db07b6bb90104c65
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b2d6dbe4a8ed3ba7c3c3ece30ad588f21e603247d60f78f7ed55546bfa18716e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73D1D272A083019BC704CF28C88161BBBE9EFC4751F258A3EF895A73D1E674DD458B86
                                                                                                                                                                                                        Function 00413D2B Relevance: 2.1, Strings: 1, Instructions: 802COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: s:q
                                                                                                                                                                                                        • API String ID: 0-483140254
                                                                                                                                                                                                        • Opcode ID: 2fbcd08d13f8021f002303ea8d3e20b6aa275f7fa46ec9a352661307ee1a7e0d
                                                                                                                                                                                                        • Instruction ID: 6036188e1ed5018d006e1f384ad2fcb1d8c6c09e317ce672a3582a55f58dd5b1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fbcd08d13f8021f002303ea8d3e20b6aa275f7fa46ec9a352661307ee1a7e0d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB522AB1A08B408FD7149F38D8853AABBE1AB95314F184A7ED4EBC77C2E639D445C706
                                                                                                                                                                                                        Function 00405530 Relevance: 1.8, Strings: 1, Instructions: 564COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: %1.17g
                                                                                                                                                                                                        • API String ID: 0-1551345525
                                                                                                                                                                                                        • Opcode ID: 38aad22bf880a385f5b3bc80ef90ccec1320577a8e042b7dd5b195cd37d88965
                                                                                                                                                                                                        • Instruction ID: 077f9847fbed58773027dffa039ca16d7d653e837e8eadc87091485fb59088b8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 38aad22bf880a385f5b3bc80ef90ccec1320577a8e042b7dd5b195cd37d88965
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9C12F4B6A08B418BE7258E559480327BBE2EFA0304F19857FD8956B3C1E779DC05CF4A
                                                                                                                                                                                                        Function 004266F0 Relevance: 1.6, Strings: 1, Instructions: 358COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ZpB
                                                                                                                                                                                                        • API String ID: 0-696724286
                                                                                                                                                                                                        • Opcode ID: aac9f92ae41d74f6a34162c3a1563f505ed7264d0c5e5c8e9acf192fc5f7c0d0
                                                                                                                                                                                                        • Instruction ID: 0ccc64e59b4d2728c8f97c992ab3215f7c9b2ea39977d498fa6241edf0da81b1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: aac9f92ae41d74f6a34162c3a1563f505ed7264d0c5e5c8e9acf192fc5f7c0d0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5FC1FE752083518FD324CF24D8407ABBBF1FFC6704F01892DE999AB281D7B89909CB96
                                                                                                                                                                                                        Function 0040AB40 Relevance: 1.5, Strings: 1, Instructions: 265COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: ,
                                                                                                                                                                                                        • API String ID: 0-3772416878
                                                                                                                                                                                                        • Opcode ID: 3e27b3bc0118daddfb78c1ff50b696ff5a70bdc5a793623f9e2326fd38dc7343
                                                                                                                                                                                                        • Instruction ID: 226781dae8db81a62a14f97f140b8ef02ee1da9dd1e777bf2bcccb83acfa2f58
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3e27b3bc0118daddfb78c1ff50b696ff5a70bdc5a793623f9e2326fd38dc7343
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 29B137711093819FD325CF28C88061BFBE1AFA9704F444E2EE5D997782D635E918CBA7
                                                                                                                                                                                                        Function 0041D220 Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        • 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899, xrefs: 0041D331
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: 00010203040506070809101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
                                                                                                                                                                                                        • API String ID: 0-2272463933
                                                                                                                                                                                                        • Opcode ID: 56ac3e6c7b0808a1757b2f3ff339e943d80b81c34b0f003aab39c65060a22481
                                                                                                                                                                                                        • Instruction ID: 8bb0e18666fd5cb64b807bf3461d7b0b5ca36abc21e6d5087c13faf7ad724bd6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 56ac3e6c7b0808a1757b2f3ff339e943d80b81c34b0f003aab39c65060a22481
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8D61F477E1AA904BC7148A7C4C412E9AA531BD733473E8377D8B18B3E5C57E88478356
                                                                                                                                                                                                        Function 00411DB0 Relevance: 1.4, Strings: 1, Instructions: 145COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: -4
                                                                                                                                                                                                        • API String ID: 0-3249790742
                                                                                                                                                                                                        • Opcode ID: f245920793f3f06b5061773f2af4dc8e13cb0e84e1ed52610213c48ee7e60263
                                                                                                                                                                                                        • Instruction ID: 8aca84e40545209fdb2d8b35976cefb1c594da7aa5ff0c97ffd916c953638cdc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f245920793f3f06b5061773f2af4dc8e13cb0e84e1ed52610213c48ee7e60263
                                                                                                                                                                                                        • Instruction Fuzzy Hash: C6415B3662931057C32C8F68C89256BB792EF95308F19923FDD4A172A1DB799C418BCD
                                                                                                                                                                                                        Function 0043F880 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                        • API String ID: 2994545307-2766056989
                                                                                                                                                                                                        • Opcode ID: b77eeb9d4f4cfa6132d16a6903bb96af77942d9becee4474505664cb9fcd5ef3
                                                                                                                                                                                                        • Instruction ID: 6da14dff6695a29b7a138f1b5872fd1f2216a7a8924e699d2d19755c0f6557e7
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b77eeb9d4f4cfa6132d16a6903bb96af77942d9becee4474505664cb9fcd5ef3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7931F0755183049BC714DF18C88176BFBF5EF89314F05A82EE9A547290E73899088BAA
                                                                                                                                                                                                        Function 00436350 Relevance: 1.4, Strings: 1, Instructions: 117COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: }z{x
                                                                                                                                                                                                        • API String ID: 0-1935807464
                                                                                                                                                                                                        • Opcode ID: b1715a965de853f533f5c5515e34f363177f258666483e832bf9f3e304972c17
                                                                                                                                                                                                        • Instruction ID: c2fe4bd197b3f8940e13c4d42f8ccc48d4f2f790a7f62d3db4fbfa854d76f439
                                                                                                                                                                                                        • Opcode Fuzzy Hash: b1715a965de853f533f5c5515e34f363177f258666483e832bf9f3e304972c17
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2C318D70A043017BE6109B15CC81B3B77A9DF9970CF01A53EFD9597252E239DC05C26E
                                                                                                                                                                                                        Function 0041102F Relevance: 1.3, Strings: 1, Instructions: 13COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Strings
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID: -4
                                                                                                                                                                                                        • API String ID: 0-3249790742
                                                                                                                                                                                                        • Opcode ID: c1f68f55d8e8b98da7a8dc8f71a31de373854987414512868f1acd656190aac3
                                                                                                                                                                                                        • Instruction ID: ee78c7d0252da59181078afd55f973ef8b1dab3207e3fec2bebd3f090d2a1d50
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1f68f55d8e8b98da7a8dc8f71a31de373854987414512868f1acd656190aac3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44C01238A180008B86088F20AC80139B27AAB8F20AB50A42AC01B6B222C274D442860C
                                                                                                                                                                                                        Function 0040C170 Relevance: .8, Instructions: 819COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f5ba352af5ca715abe479738bb6b312ed046c57a3e05c3cd0d3c59ffe06acf4e
                                                                                                                                                                                                        • Instruction ID: f06f65b5d03a22e7db1d70af003363d6843660b59ca7c9bf4459dd449c9d9dac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f5ba352af5ca715abe479738bb6b312ed046c57a3e05c3cd0d3c59ffe06acf4e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9A52B131618311CBC725DF18E9C026BB3E1FFC4315F258A3ED996A7285D738A951CB8A
                                                                                                                                                                                                        Function 00412322 Relevance: .7, Instructions: 728COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9b58a2cc0768c28ccebc16d9dbc2abb942bb3a87778aafb11efddf1ece505375
                                                                                                                                                                                                        • Instruction ID: 60f0404e1f23d10ae4745407cc0b3a08e0d239165d91bd150a0d1b969d7f1e97
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b58a2cc0768c28ccebc16d9dbc2abb942bb3a87778aafb11efddf1ece505375
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AF5218B1508B408BD3249F38D5893EBBBD1AB95314F188D3ED8EBC33C2E679A4458716
                                                                                                                                                                                                        Function 0040A5F0 Relevance: .5, Instructions: 459COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2a7ddd9723cf316ec1709d26cbdaaae7fb7236442668c9629ac40c32e8f4a8d3
                                                                                                                                                                                                        • Instruction ID: 618b86bf15bcba3e6bb4b432628653469f60eedb0241b407a2bfa20550f3c4a2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a7ddd9723cf316ec1709d26cbdaaae7fb7236442668c9629ac40c32e8f4a8d3
                                                                                                                                                                                                        • Instruction Fuzzy Hash: DDF1CF752083418FD724CF29C88176BBBE2AFD9304F08892EE5C587391E639E849CB56
                                                                                                                                                                                                        Function 0040805C Relevance: .4, Instructions: 450COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d3f5aa3711bdf0b8c49ed85d9b93d4e585c5b9c18ea3bafb98d431d863c3a0c4
                                                                                                                                                                                                        • Instruction ID: bd1723c223f7eb562c1353133bc042011f6623e0ddad751b3138fee0dd62ddd0
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3f5aa3711bdf0b8c49ed85d9b93d4e585c5b9c18ea3bafb98d431d863c3a0c4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4802F370515B108FC328CF29C69052ABBF2BF857107644A2ED6D79BF91DB3AB845CB18
                                                                                                                                                                                                        Function 00409340 Relevance: .4, Instructions: 434COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 29218efef96e067422ec2fd3e5dc9a8299b5a00c7e48d3a2f96ac08650209e17
                                                                                                                                                                                                        • Instruction ID: 97253064c69b8c4f1bdb94304eb5ebecd96102c49767e0552a78d5c7ce022684
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 29218efef96e067422ec2fd3e5dc9a8299b5a00c7e48d3a2f96ac08650209e17
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D8F18879608201DFD708CF24E8A176AB7E2FBCA305F04893DE88587391D779E995CB85
                                                                                                                                                                                                        Function 004247C0 Relevance: .4, Instructions: 415COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 3d8fabf0e194c95c7a0dafbd075ce3d8357dc4ec84aad7939ffeedf01544423a
                                                                                                                                                                                                        • Instruction ID: 050cd24433f61f3763ad39defb1fc8a13c057351b8bc1ee48cf204f6d01fffd2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3d8fabf0e194c95c7a0dafbd075ce3d8357dc4ec84aad7939ffeedf01544423a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 77C15B727083204BD714CF28E8923ABBBD2EBD1304F59853EE8968B381D63DDD058799
                                                                                                                                                                                                        Function 00414763 Relevance: .4, Instructions: 409COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d3f3f698e9e391ba0a831ba0391560dfd341afd4c00482c3fcd74ebe4db06af0
                                                                                                                                                                                                        • Instruction ID: 7a2dfd4c9c44b8f34a642c7a5e7a99616abca5c8548b45e486e875ab3add2058
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3f3f698e9e391ba0a831ba0391560dfd341afd4c00482c3fcd74ebe4db06af0
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 73E108B1A047408FC714EF38D4953AABBE1AF96314F194A3ED4DB87382E639E845C746
                                                                                                                                                                                                        Function 00434FA0 Relevance: .4, Instructions: 371COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: bfcf0de0369a1c97715e9dc55c385f0aa391e82ddc83cc17cfee759ef651b1aa
                                                                                                                                                                                                        • Instruction ID: 35b3afdd10b6255075e5ec88915a7cba6496d670eb1086b6bfd8ab7444e40858
                                                                                                                                                                                                        • Opcode Fuzzy Hash: bfcf0de0369a1c97715e9dc55c385f0aa391e82ddc83cc17cfee759ef651b1aa
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A3D11D73E04B918FC711C9BCCC8139ABFA15B5B324F1D8296D895DB392D17E98068792
                                                                                                                                                                                                        Function 0040B1D0 Relevance: .3, Instructions: 303COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: d225d147fb8f80e038301bac62adfa292365b8edca26cfec2f3e898f4c5d4bc4
                                                                                                                                                                                                        • Instruction ID: 17896dd4266b7b630411069470114ff247ae57434cb980056c855e552f0d8074
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d225d147fb8f80e038301bac62adfa292365b8edca26cfec2f3e898f4c5d4bc4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2FC16BB29087418FC360CF28DC86BABB7E1EF85318F08492DD1D9D6342E778A155CB4A
                                                                                                                                                                                                        Function 00440330 Relevance: .3, Instructions: 298COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 2c7a2566a8df02482e6f8ea514137cd4a7534e3ff17f4b5a51d2ab025bb59693
                                                                                                                                                                                                        • Instruction ID: 58a69b57af7e24ee3c62efa82a7d8eee2b8501685cdd5d883de90afc41c95a7c
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2c7a2566a8df02482e6f8ea514137cd4a7534e3ff17f4b5a51d2ab025bb59693
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 728126326083109BE728CF14C85176BB7E2EFC5314F19852EEA9647391DB79DC158B8A
                                                                                                                                                                                                        Function 0043FCC0 Relevance: .3, Instructions: 292COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: d4d67133e1f76e347ed4bd23e5fa145e2577103d4840d7d2c6d0733522e4c4a5
                                                                                                                                                                                                        • Instruction ID: d5e2c306aed0e9f0a4523fdea87c2092727505e879cf5e08cc8bb1e74fe301f1
                                                                                                                                                                                                        • Opcode Fuzzy Hash: d4d67133e1f76e347ed4bd23e5fa145e2577103d4840d7d2c6d0733522e4c4a5
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E91D235A143018BD714DF18C850A2BB7E2FF99750F19A47EE9858B361EB34EC15CB8A
                                                                                                                                                                                                        Function 0043F9D0 Relevance: .3, Instructions: 265COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: 47efa7894c52dbbfda15281d9f5f0fdb6929cc71dc4ceafa39e0ce71118ea88c
                                                                                                                                                                                                        • Instruction ID: 448ffca5d87b80d32822c8b64973462d570a6b027f83770f115344b2745d6aa8
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 47efa7894c52dbbfda15281d9f5f0fdb6929cc71dc4ceafa39e0ce71118ea88c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A6813976A183055BD714AF18C85073BB3E2FFC9350F09A43EE8858B351EB38E915979A
                                                                                                                                                                                                        Function 00411FD0 Relevance: .3, Instructions: 256COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 334315078cbaae174f8a570c54b784edddb5051631464bdcb62a607130f57c0c
                                                                                                                                                                                                        • Instruction ID: 05021d5b9bbbf7fb7e0a61cc7d1feb84aaf99e560592e6d9dd0c3ffc95d10e9d
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 334315078cbaae174f8a570c54b784edddb5051631464bdcb62a607130f57c0c
                                                                                                                                                                                                        • Instruction Fuzzy Hash: E6A14BB1904B409FC321DF39D94A3EBBFE9AB56310F14893EE4EAC3341D27561168B96
                                                                                                                                                                                                        Function 00428B00 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 74e01eaddd3b08cbcbafba57961538796ca2ecad021c3de853168ded57cf657d
                                                                                                                                                                                                        • Instruction ID: 6b217d0bde1c941cb29440435e39900910855c354c974b111997b1ea3d25e248
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 74e01eaddd3b08cbcbafba57961538796ca2ecad021c3de853168ded57cf657d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6B61E57171A3219BD714CE29E58031FBBE2ABD5350F94C82EF4888B391DB78EC45874A
                                                                                                                                                                                                        Function 00438330 Relevance: .2, Instructions: 211COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID: InitializeThunk
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID: 2994545307-0
                                                                                                                                                                                                        • Opcode ID: c6ca3d2bb1bb8eca0541fe856455ad95d0fabbc903a171a047880f17ab045889
                                                                                                                                                                                                        • Instruction ID: 767567ce47251ea28a1813ea366a1b038ceed0e869b8d918d7d8446cf86f5ca2
                                                                                                                                                                                                        • Opcode Fuzzy Hash: c6ca3d2bb1bb8eca0541fe856455ad95d0fabbc903a171a047880f17ab045889
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2D517C766083015BD7148B28C85473BF7A1EBDA754F29A47EF4C66B382EA34DC01879A
                                                                                                                                                                                                        Function 00434D40 Relevance: .2, Instructions: 189COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: f444a92e1affdee57848f95df307277b39aa4dc8594c659b45d49461fd2a1137
                                                                                                                                                                                                        • Instruction ID: ae04bbdf5937360d16f32479811ab3580af4a1633b7bc5b7c711c2fad65d9037
                                                                                                                                                                                                        • Opcode Fuzzy Hash: f444a92e1affdee57848f95df307277b39aa4dc8594c659b45d49461fd2a1137
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1F517DB16087548FE314DF29D49475BBBE1BBC8318F044A2EE5E987350E379DA088F86
                                                                                                                                                                                                        Function 00436490 Relevance: .2, Instructions: 176COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: ebefbd2e81118e26db2bca344f504115a37fce991c450cc7815094b32cf2281a
                                                                                                                                                                                                        • Instruction ID: 19debb8a8d8565b76ee40dc244b2f2426bd5e4b62acc433009fbdb8ad7d8ecfd
                                                                                                                                                                                                        • Opcode Fuzzy Hash: ebefbd2e81118e26db2bca344f504115a37fce991c450cc7815094b32cf2281a
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4251907190C7556FCB258A2884903BFBBD29F99314F0A892EE4D64B386D23CDD05C785
                                                                                                                                                                                                        Function 00405DE0 Relevance: .2, Instructions: 163COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a58504cef81af462c00d75cd3a6e1fd44affcc4a7f9be854e0ed3a881bcecbba
                                                                                                                                                                                                        • Instruction ID: 0d33a859858de1e777918ecbbea9d87bf78b6d517e5369397cfe6a83e4d9b11e
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a58504cef81af462c00d75cd3a6e1fd44affcc4a7f9be854e0ed3a881bcecbba
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1051AE75A046019FC714DF18C480927B7A1FF89324F15467EF899AB392DA39EC42CF9A
                                                                                                                                                                                                        Function 00409C61 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7139a7d65c172c95509649001ba5777967c86884962399ace91f58bab8b44ba7
                                                                                                                                                                                                        • Instruction ID: df614b7df28d3c373759bf57b018910391c4afda2941612bc8bfffe953c98c61
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7139a7d65c172c95509649001ba5777967c86884962399ace91f58bab8b44ba7
                                                                                                                                                                                                        • Instruction Fuzzy Hash: D651153610D380EFC7518F688880A5FBBE2BFDA300F48896DF584572A2D275D925DB57
                                                                                                                                                                                                        Function 0040A070 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 45645fe5c41b63afe76149a1f1d106a7e8655c1f0b71fd5b5b8261797b710ec6
                                                                                                                                                                                                        • Instruction ID: 95f36f4564cb873c363d7cd6bc568f58acadc4cf7d4da6ae083c5bfa51f704ac
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 45645fe5c41b63afe76149a1f1d106a7e8655c1f0b71fd5b5b8261797b710ec6
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27516B3510D380EFC7518F689880A5FBBE2BFEA300F88496CF58417292D275C925DB57
                                                                                                                                                                                                        Function 0041DAD0 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 25a8ae54194628ce951a9ac1be7a92b04f1d02fe815cba58de101e68f4f2ef53
                                                                                                                                                                                                        • Instruction ID: 6a3c87ed268c674eb99f3637c0156bf68a3d7e0a263c8b87bddcd13a1fbb2be6
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25a8ae54194628ce951a9ac1be7a92b04f1d02fe815cba58de101e68f4f2ef53
                                                                                                                                                                                                        • Instruction Fuzzy Hash: EB312A75A08604EFD704DF28DC45BAB77E8EB8A354F14493DF849C7281E238D94587AA
                                                                                                                                                                                                        Function 00438580 Relevance: .1, Instructions: 114COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 9d1718495f1a67f714267e6f5497ce989f1457aed858257dd26a4debfbca120e
                                                                                                                                                                                                        • Instruction ID: 800bc67bdf34f8eb84e2d2acdca91b3e4e4a41be4a419d3d02d7bdb166052edc
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9d1718495f1a67f714267e6f5497ce989f1457aed858257dd26a4debfbca120e
                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC3126765093108BD311CF19C88576BFBE0EBC9719F18A97DF4849B351CB7889068BDA
                                                                                                                                                                                                        Function 00404D50 Relevance: .1, Instructions: 95COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 6a76eb7eb63eade94f7132feaaf8dedce8e54546576fc84971e28d0a71774e88
                                                                                                                                                                                                        • Instruction ID: 4c073cf3540596e04badca7617fc7e9bc7deaedfcf28b63a0a35df37db274471
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a76eb7eb63eade94f7132feaaf8dedce8e54546576fc84971e28d0a71774e88
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5731A7B1604200DBD7559F19C88096BB7E1EFC4318F18893EE999A73C1D339DC52CB8A
                                                                                                                                                                                                        Function 0040A228 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 1e400cc1ff9afcf8d7bade2eb00a7de6f57495f19deded93e5cef6c9839eea4d
                                                                                                                                                                                                        • Instruction ID: c60a43bc608d5191a59b833cd01f495d5c8f59cdd8d7f0654980d04143b3cf06
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1e400cc1ff9afcf8d7bade2eb00a7de6f57495f19deded93e5cef6c9839eea4d
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 27314D3510D381EFD395CF28D884A9F7FE1AFE6200F8599ADF8804B292C674C458CB62
                                                                                                                                                                                                        Function 00428140 Relevance: .1, Instructions: 63COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: 7b9fc61df29c2f1d0496c7ab837a9927e84d0bf5a8dd5682502c5fcd3b1fcbf4
                                                                                                                                                                                                        • Instruction ID: 6336afc45053181afdc7446a70e9b56c12bbfa34acc44c348cd50f34c0f480c3
                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7b9fc61df29c2f1d0496c7ab837a9927e84d0bf5a8dd5682502c5fcd3b1fcbf4
                                                                                                                                                                                                        • Instruction Fuzzy Hash: A40192B170231147E6209F52E8C573BB2A89F84708F08453EE8089B381EF79EC26C299
                                                                                                                                                                                                        Function 00407210 Relevance: .0, Instructions: 48COMMON
                                                                                                                                                                                                        Download Yara Rule
                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                        • Source File: 00000004.00000002.1445237825.0000000000401000.00000040.00000001.01000000.00000004.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445221429.0000000000400000.00000002.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000454000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004A4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004AF000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004C3000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000004F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000516000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000543000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000545000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000547000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000549000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054B000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000054F000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000551000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000553000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000555000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000557000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000559000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005EE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F0000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F2000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F4000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F6000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005F8000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FA000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FC000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.00000000005FE000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000600000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000602000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000604000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000606000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000608000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.000000000062D000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1445237825.0000000000856000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446204684.00000000009E3000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446229961.0000000000A0B000.00000004.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446250702.0000000000A11000.00000020.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000000D6C000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446465256.0000000001118000.00000040.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        • Associated: 00000004.00000002.1446720034.0000000001119000.00000008.00000001.01000000.00000004.sdmpDownload File
                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                        • Snapshot File: hcaresult_4_2_400000_f86nrrc6.jbxd
                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                        • Opcode ID: a03e5394408b1fdc976f891483c031e2c6c7e2b4ccc8eb1f281f531e604d31db
                                                                                                                                                                                                        • Instruction ID: b9eed158d1a4c5a8f95884017e16127f008288ee18346c9cf546a7ae42f2f0ed
                                                                                                                                                                                                        • Opcode Fuzzy Hash: a03e5394408b1fdc976f891483c031e2c6c7e2b4ccc8eb1f281f531e604d31db
                                                                                                                                                                                                        • Instruction Fuzzy Hash: 54F0F62AB5C31A0BE620DEF99CC0827F3D6D7CA254B19423DF941D3391D479F80282A6